hard limits?

I'm sure I'm just doing it wrong but I'm having trouble with an ipset hitting "maxelem 65536 reached." I tried: $ sudo firewall-cmd --permanent --new-ipset=blacklist --type=hash:ip --option=maxelem:131072 success which creates: $ sudo more /etc/firewalld/ipsets/blacklist.xml <?xml version="1.0" encoding="utf-8"?> <ipset type="hash:ip"> <option name="maxelem:131072"/> </ipset> but when I load with $ sudo firewall-cmd --reload: Jun 18 11:40:20 temp-2 firewalld: WARNING: INVALID_IPSET: blacklist Jun 18 11:40:35 temp-2 firewalld: ERROR: Failed to load ipset file '/etc/firewalld/ipsets/blacklist.xml': INVALID_OPTION: Unknown option 'maxelem:131072' Jun 18 11:40:35 temp-2 firewalld: WARNING: INVALID_IPSET: blacklist Jun 18 11:40:37 temp-2 firewalld: ERROR: Failed to load ipset file 'blacklist.xml': INVALID_OPTION: Unknown option 'maxelem:131072' I thought I would work around it by splitting my ipset in two but that still generated the maxelem error for both files: Jun 18 12:13:27 temp-2 firewalld: ERROR: Failed to create ipset 'blacklist-1' Jun 18 12:13:27 temp-2 firewalld: ERROR: '/usr/sbin/ipset restore' failed: Jun 18 12:13:27 temp-2 kernel: Set blacklist-2 is full, maxelem 65536 reached Jun 18 12:13:27 temp-2 firewalld: ERROR: Failed to create ipset 'blacklist-2' Jun 18 12:13:27 temp-2 firewalld: ERROR: '/usr/sbin/ipset restore' failed: and removing the larger of the two, I still get the maxelem error for what is now a pretty small file. I'm stumped and trying to avoid having to add each entry via sudo firewall-cmd --permanent --ipset=blacklist --add-entry=... Thanks for any guidance out there, -David