From 72af906dba1d2ccc57db54a4071d56b08b1a0b97 Mon Sep 17 00:00:00 2001
From: Marco Mariani <marco@crowdsec.net>
Date: Thu, 26 Oct 2023 21:38:45 +0200
Subject: [PATCH] allow ipset to clean up tables when receiving sigterm

---
 config/crowdsec-firewall-bouncer.service | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/crowdsec-firewall-bouncer.service b/config/crowdsec-firewall-bouncer.service
index 290cde41..b8b20ab1 100644
--- a/config/crowdsec-firewall-bouncer.service
+++ b/config/crowdsec-firewall-bouncer.service
@@ -11,6 +11,9 @@ ExecStartPost=/bin/sleep 0.1
 Restart=always
 RestartSec=10
 LimitNOFILE=65536
+# don't send a termination signal to the children processes,
+# because the iptables backend needs to run ipset multiple times to properly shutdown
+KillMode=mixed
 
 [Install]
 WantedBy=multi-user.target