ipset
-
- Posts: 37
- Joined: 2012/03/27 00:15:55
- Contact:
ipset
I use ipset with ip blocking.
The problem is that I need to change the init script so it will restore the blacklist before iptables is loaded.
My problem is that when there is an update for ipset the script might be changed. So where to put the restore so it wouldn't be lost?
Re: ipset
There is already an ipset initscript that reloads the sets from /etc/sysconfig/ipset and it runs before the similar job to start iptables. You don't need to do anything other than
service ipset save
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: ipset
I have the initscript but I cannot see how the blacklist is saved.
I make a list called blacklist4 and blacklist6 and add manual IP addresses.
#!/bin/bash
# Add an IPv4 address to the blacklist.
ipset add blacklist4 "$1"
# Save the set to a file.
ipset save blacklist4 > /etc/sysconfig/blacklist4
The restore code should be: ipset restore /etc/sysconfig/blacklist4
Re: ipset
That's not how it works. You adjust the running ipsets using the ipset command. When you want to save those sets you run service ipset save and it saves them to /etc/sysconfig/ipset and makes a backup copy and makes sure that permissions and selinux contexts on the file are correct. When you (or the system) start the ipset service, it will automatically restore the ipsets from /etc/sysconfig/ipset.
So your job is to amend the ipsets and then run service ipset save and then that's it. All done.
Re: ipset
I used service ipset save and it made the same file. Only difference is the name.
If I understand correctly, both blacklist4 and blacklist6 are stored in the same file.
After changing, the lists are now loaded at boot time.
I made a webpage about iptables and ipset:
https://www.robkalmeijer.nl/techniek/co ... index.html
Please read it and notify me if there are errors.
Thanks for your help.
Re: ipset
This runs on CentOS 6
Re: ipset
The use of su takes more password entering.
I always log in as root. Works easier. I do have a user account for normal access.
Re: ipset
On CentOS 6 the ipset code is older and saves the ipsets as a single file and restores them all from that file. In later versions, ipset saves each ipset to a separately named file in /etc/sysconfig/ipset.d. If you're on CentOS 6 then you have to save and restore them all in one go.
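Added example (not part of any post in this thread, and not code from the ipset package): the add-to-blacklist helper from the thread reworked so that it validates its argument, picks blacklist4 or blacklist6 by address family, and persists through service ipset save instead of a private file. The function names is_ipv4, set_for_addr and block_addr are hypothetical, and both sets are assumed to exist already.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the sets blacklist4 (family inet)
# and blacklist6 (family inet6) already exist; function names are hypothetical.

# Succeed only for a strict dotted-quad IPv4 address.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            0?*|????*) return 1 ;;   # leading zero or more than three digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the set an address belongs in, or fail if it is not a plain address.
set_for_addr() {
    if is_ipv4 "$1"; then
        echo blacklist4
        return 0
    fi
    case $1 in
        *[!0-9A-Fa-f:]*) return 1 ;;   # anything but hex digits and colons
        *:*:*) echo blacklist6 ;;      # coarse shape check; ipset parses it fully
        *) return 1 ;;
    esac
}

# Add one address to the running set, then persist every set for the next boot.
block_addr() {
    target=$(set_for_addr "$1") || { echo "rejected: $1" >&2; return 1; }
    # -exist: an address that is already in the set is not an error
    ipset -exist add "$target" "$1" || return 1
    service ipset save   # writes /etc/sysconfig/ipset, as described in the thread
}

if [ $# -gt 0 ]; then
    block_addr "$1"
fi
```

Rejecting anything that is not a bare address before it reaches ipset matters most when the helper is fed from log parsers or other scripts rather than typed by hand.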