--- ipset.initd-r1	2011-11-11 02:32:56.000000000 +0400
+++ ipset.initd-r2	2011-12-05 14:07:39.895113111 +0400
@@ -30,7 +30,14 @@
 
 stop() {
     # check if there are any references to current sets
-    if ! ipset list | gawk '($1 == "References:" && $2 > 0) { exit 1 }'; then
+
+    if ! ipset list | gawk '
+        ($1 == "References:") { refcnt += $2 }
+        ($1 == "Type:" && $2 == "list:set") { set = 1 }
+        (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } }
+        (set && $1 == "Members:") {scan = 1}
+        END { if ((refcnt - setcnt) > 0) exit 1 }
+    '; then
         eerror "ipset is in use, can't stop"
         return 1
     fi
@@ -40,6 +47,7 @@
     fi
 
     ebegin "Removing kernel IP sets"
+    ipset flush
     ipset destroy
     eend $?
 }