Posted: 2019/11/17 17:33:41
I use ipset with ip blocking.
The problem is that I need to change the init script so it will restore the blacklist before iptables is loaded.
My problem is that when there is an update for ipset the script might be changed. So where to put the restore so it wouldn't be lost?
Posted: 2019/11/17 21:06:13
There is already an ipset initscript that reloads the sets from /etc/sysconfig/ipset and it runs before the similar job to start iptables. You don't need to do anything other than
service ipset save
Posted: 2019/11/26 23:33:33
I have the initscript but I cannot see how the blacklist is saved.
I make a list called blacklist4 and blacklist6 and add manual IP addresses.
# Add a ip4 address to the blacklist.
ipset add blacklist4 $1
ipset save blacklist4 > /etc/sysconfig/blacklist4
the restore code should be: ipset restore /etc/sysconfig/blacklist4
Posted: 2019/11/27 07:30:11
That's not how it works. You adjust the running ipsets using the ipset command. When you want to save those sets you run service ipset save and it saves them to /etc/sysconfig/ipset and makes a backup copy and makes sure that permissions and SELinux contexts on the file are correct. When you (or the system) start the ipset service, it will automatically restore the ipsets from /etc/sysconfig/ipset.
So your job is to amend the ipsets and then run service ipset save and then that's it. All done.
Posted: 2019/12/04 01:31:33
I used service ipset save and it made the same file. Only difference is the name.
If I understand correctly, both blacklist4 and blacklist6 are stored in the same file.
After changing, the lists are now loaded at boot time.
I made a webpage about iptables and ipset:
https://www.robkalmeijer.nl/techniek/co ... index.html
Please read it and, if there are errors, please notify me.
Thanks for your help.
Posted: 2019/12/04 09:44:48
You don't mention the operating system (version) where your method applies. You should.
Posted: 2019/12/05 02:24:47
This runs on CentOS 6.
Posted: 2019/12/05 06:04:33
On your blog. How would a reader of your web know whether the text applies to them?
Your prompts reveal that you run as root. That is not a best practice.
Posted: 2019/12/06 00:57:07
Using su takes more password entering.
I always log in as root. Works easier. I do have a user account for normal access.
Posted: 2019/12/06 09:56:05
On CentOS 6 the ipset code is older and saves the ipsets as a single file and restores them all from that file. In later versions, ipset saves each ipset to a separately named file in /etc/sysconfig/ipset.d. If you're on CentOS 6 then you have to save and restore them all in one go.
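Added example, not part of the thread: a check that the single CentOS 6 save file (/etc/sysconfig/ipset, as described above) really contains every set you expect before you rely on the boot-time restore. The function names and the sample contents are constructed for illustration; the create/add line layout is the one ipset save writes.

```shell
#!/bin/sh
# Summarise an ipset save file: one line "<set> <type> <entries>" per set.
# Returns non-zero if an "add" line names a set with no earlier "create"
# line in the same file, because a restore from that file would fail.
ipset_save_summary() {
    awk '
        $1 == "create" { kind[$2] = $3; count[$2] = 0; order[++n] = $2; next }
        $1 == "add" {
            if (!($2 in kind)) {
                printf "add for unknown set %s (line %d)\n", $2, NR > "/dev/stderr"
                bad = 1
                next
            }
            count[$2]++
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s %s %d\n", order[i], kind[order[i]], count[order[i]]
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: both blacklists in one file, as on CentOS 6.
# Addresses are taken from the documentation ranges.
write_sample() {
    cat > "$1" <<'EOF'
create blacklist4 hash:ip family inet hashsize 1024 maxelem 65536
add blacklist4 192.0.2.10
add blacklist4 198.51.100.7
create blacklist6 hash:ip family inet6 hashsize 1024 maxelem 65536
add blacklist6 2001:db8::1
EOF
}

# Demo on the constructed sample; on a real host pass /etc/sysconfig/ipset instead.
demo_file=$(mktemp)
write_sample "$demo_file"
ipset_save_summary "$demo_file"
rm -f "$demo_file"
```

If a set you expect is missing from the output, it was not present in the kernel when service ipset save last ran, so it will not come back at boot.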