I have CentOS 6.6 (2.6.32-504.3.3.el6.x86_64) and ipset is installed list of /lib/modules/2.6.32-504.3.3.el6.x86_64/kernel/net/netfilter/ipset
contain: ip_set_bitmap_ip.ko ip_set_bitmap_port.ko ip_set_hash_ipportip.ko ip_set_hash_ipportnet.ko ip_set_hash_netport.ko ip_set_list_set.ko
ip_set_bitmap_ipmac.ko ip_set_hash_ip.ko ip_set_hash_ipport.ko ip_set_hash_net.ko ip_set.ko
But rule -A INPUT -m set --match-set blacklist src -j DROP in file /etc/sysconfig/iptables after execute /etc/init.d/iptables restart generate error iptables: ...... iptables-restore v1.4.7: Kernel module ip_set is not loaded in..
Can somebody help me what is wrong? I know, module is not loaded (lsmod not contain nothing with ipset), but why, if I ipsset loaded?
THX
problem with ipset in iptables rules
Re: problem with ipset in iptables rules
You have to create the ipset with the ipset command, you have to add ip addresses or subnets to that ipset and you have to save them with service ipset save. There is an ipset initscript that should be set to execute prior to the iptables one so that the saved ipsets are loaded prior to the iptables rules being loaded.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: problem with ipset in iptables rules
thx for explanation. I hoped that it is less complicated and one row in iptables is enough 