Hello,

I have been using ipset to blacklist badbots. Works like a champ!

The only problem is if I do a system reboot, I lose the ipset and the rule.

I changed /etc/sysconfig/iptables.conf to:

IPTABLES_SAVE_ON_RESTART="yes"
IPTABLES_SAVE_ON_STOP="yes"

And followed the instructions in:

https://www.centos.org/forums/viewtopic.php?t=3853

The changes are still not saved. The rules show up in the running /etc/sysconfig/iptables but are lost on a reboot.

Also, firewalld is not installed. This is a CentOS 6.8 system.

One question, do I need to stop iptables before I add the rules? I have seen examples where sometimes they do and sometimes they don't.

TIA

On 9/11/2016 8:55 AM, TE Dukes wrote:
> I have been using ipset to blacklist badbots. Works like a champ!
>
> The only problem is if I do a system reboot, I lose the ipset and the rule.
>
> I changed /etc/sysconfig/iptables.conf to:
>
> IPTABLES_SAVE_ON_RESTART="yes"
> IPTABLES_SAVE_ON_STOP="yes"
>
> And followed the instructions in:
>
> https://www.centos.org/forums/viewtopic.php?t=3853
>
> The changes are still not saved.

wild guess says, you need to ...

chkconfig ipset on
service ipset start

and when you change ipset stuff,

service ipset save

but I'm just guessing, I've never used ipsets.

--
john r pierce, recycling bits in santa cruz

> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of John R Pierce
> Sent: Sunday, September 11, 2016 10:44 PM
> To: centos at centos.org
> Subject: Re: [CentOS] Iptables not save rules
>
> On 9/11/2016 8:55 AM, TE Dukes wrote:
> > I have been using ipset to blacklist badbots. Works like a champ!
> >
> > The only problem is if I do a system reboot, I lose the ipset and the rule.
> >
> > I changed /etc/sysconfig/iptables.conf to:
> >
> > IPTABLES_SAVE_ON_RESTART="yes"
> > IPTABLES_SAVE_ON_STOP="yes"
> >
> > And followed the instructions in:
> >
> > https://www.centos.org/forums/viewtopic.php?t=3853
> >
> > The changes are still not saved.
>
> wild guess says, you need to ...
>
> chkconfig ipset on
> service ipset start
>
> and when you change ipset stuff,
>
> service ipset save
>
> but I'm just guessing, I've never used ipsets.
>
> --
> john r pierce, recycling bits in santa cruz

[Thomas E Dukes]

THANKS!!

I did not realize ipset was running as a service. Been trying to figure out what was wrong for a couple weeks. Only way to know is to do a reboot and see what happens.

Ipset save xxxxxx apparently doesn't really do anything.

Thanks, again!!
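
An added example, not part of the thread: a pre-reboot check that every set named by a saved iptables rule is also defined in the saved ipset dump, since a rule whose set has not been restored cannot be loaded at boot. The function names, the constructed sample data, the `/etc/sysconfig/ipset` dump path and the ipset 6 `create NAME ...` dump format are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). File paths are passed as arguments;
# /etc/sysconfig/ipset as the ipset service's dump file is an assumption.

# Set names that saved iptables rules reference via "-m set --match-set NAME".
sets_referenced() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "--match-set") print $(i + 1) }' "$1" | sort -u
}

# Set names defined in an "ipset save" dump (lines of the form "create NAME TYPE ...").
sets_defined() {
    awk '$1 == "create" { print $2 }' "$1" | sort -u
}

# Print each set the rules need but the dump lacks; return 1 if any is missing.
missing_sets() {
    defined=$(sets_defined "$2")
    status=0
    for name in $(sets_referenced "$1"); do
        if ! printf '%s\n' "$defined" | grep -qxF -- "$name"; then
            echo "$name"
            status=1
        fi
    done
    return $status
}

# Constructed sample files: two rules, but only one set present in the dump.
write_sample() {
    cat > "$1/iptables" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m set --match-set badbots src -j DROP
-A INPUT -m set --match-set scanners src -j DROP
COMMIT
EOF
    cat > "$1/ipset" <<'EOF'
create badbots hash:ip family inet hashsize 1024 maxelem 65536
add badbots 192.0.2.10
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
missing_sets "$tmp/iptables" "$tmp/ipset" || echo "^ referenced by rules but absent from the ipset dump"
rm -rf "$tmp"
# On a real host: missing_sets /etc/sysconfig/iptables /etc/sysconfig/ipset
```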