search for: ipset

ipset on CentOS6 comes with /etc/rc.d/init.d/ipset so that "service ipset reload" can be used to (re)load the configuration. CentOS7 doesn't come with an equivalent for systemd: # systemctl reload ipset.service Failed to issue method call: Unit ipset.service failed to load: No such file...

Anybody on here successfully get ipset iptables sets to work _after_ a reboot? My question on StackExchange http://unix.stackexchange.com/questions/149536/upon-bootup-all-iptables-are-lost-because-the-kernel-module-ip-set-is-not-loade Some of the things that need to be in place, otherwise iptables does not load: 1.) The kernel module i...

...os-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of John R Pierce > Sent: Sunday, September 11, 2016 10:44 PM > To: centos at centos.org > Subject: Re: [CentOS] Iptables not save rules > > On 9/11/2016 8:55 AM, TE Dukes wrote: > > I have been using ipset to blacklist badbots. Works like a champ! > > > > The only problem is if I do a system reboot, I lose the ipset and the rule. > > > > I changed /etc/sysconfig/iptables.conf to: > > > > IPTABLES_SAVE_ON_RESTART="yes" > > IPTABLES_SAVE_ON_STOP=&quo...

-------- Original Message -------- Subject: Re: [CentOS] ipset and blacklisting From: "Albert McCann" <mac358 at newsguy.com> Date: Wed, September 21, 2016 5:34 am To: "'CentOS mailing list'" <centos at centos.org> How are you saving and reloading the ipsets over a reboot? > -----Original Message----- > From: cen...

http://bugzilla.netfilter.org/show_bug.cgi?id=733 Summary: ipset restore won't restore from output of ipset save Product: ipset Version: unspecified Platform: All OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: default AssignedTo: netfil...

https://bugzilla.netfilter.org/show_bug.cgi?id=1750 Bug ID: 1750 Summary: 'ipset save' does not save in format loadable by systemd (it saves in 'ipset list' format) Product: ipset Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5...

Hi all I have a CentOS6 box with shorewall-4.5.21. If I have IPSET= in shorewall.conf and I issue the command "shorewall add ppp:192.168.33.3 ptp", I get the error: /usr/share/shorewall/lib.cli: line 585: [: too many arguments ERROR: Zone ptp, interface ppp does not have a dynamic host list The error is corrected setting the actual path to ipset in s...

I have been using shorewall for years with ipsets. I have encountered a problem after upgrading from 4.2.11 to 4.4.10. When I run ''shorewall-check'' or ''shorewall start'', it halts with the error: ---------------------------------------------------------------------- ERROR: ipset names in Shorewall configuration...

http://bugzilla.netfilter.org/show_bug.cgi?id=640 Summary: ipset-4.2 : ipset -T <some_setlist> <address> always negative Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P1 Component: default...

http://bugzilla.netfilter.org/show_bug.cgi?id=788 Summary: Allow saving to/restoring from a file without shell redirection Product: ipset Version: unspecified Platform: x86_64 OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: default AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: bochecha at fedoraproject.org...

https://bugzilla.netfilter.org/show_bug.cgi?id=1726 Bug ID: 1726 Summary: invalid json generated by ipset list -output json Product: ipset Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: trivial Priority: P5 Component: default Assignee: netfilter-buglog at lists.netfilter....

https://bugzilla.netfilter.org/show_bug.cgi?id=1119 Bug ID: 1119 Summary: Hash code evicting other entries upon entry deletion (v6.25.1-v6.30) Product: ipset Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: default Assignee: netfilter-buglog at lists.netfilter.org Reporter: eje.netfilter at ewanco.com Cre...

http://bugzilla.netfilter.org/show_bug.cgi?id=773 Summary: iptables performance limits on # of rules using ipset Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: default AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: aas029...

https://bugzilla.netfilter.org/show_bug.cgi?id=1081 Bug ID: 1081 Summary: /tmp/ccKT2Q7s.o: In function `help': ipset.c:(.text+0x27c): undefined reference to `ipset_envopts' Product: ipset Version: unspecified Hardware: i386 OS: Ubuntu Status: NEW Severity: enhancement Priority: P5 Component: default...

http://bugzilla.netfilter.org/show_bug.cgi?id=783 Summary: ipset fails to parse port names with hyphen for bitmap:port type Product: ipset Version: unspecified Platform: All OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: default...

...#effective group "users". Note that this is not a particularly robust feature and I would never advertise it as a "Personal Firewall" equivalent. Using symbolic links, it''s easy to alias command names to be anything you want. 2) Support has been added for ipsets (see http://people.netfilter.org/kadlec/ipset/). THIS FEATURE REQUIRES PATCHING YOUR KERNEL AND IPTABLES. In most places where an host or network address may be used, you may also use the name of an ipset prefaced by "+". Example: "+Mirrors" The name of the...

Hi Robert, On 07/18/2017 11:43 PM, Robert Schetterer wrote: > i guess not, but typical bots arent using ssl, check it > > however fail2ban sometimes is to slow I have configured dovecot with auth_failure_delay = 10 secs I hope that before the 10 sec are over, dovecot will have logged about the failed login attempt, and fail2ban will have blocked the ip by then. MJ

https://bugzilla.netfilter.org/show_bug.cgi?id=880 Summary: ipset doesn't refresh the timeout for an existing entry when the table is FULL. Product: ipset Version: unspecified Platform: x86_64 OS/Version: Fedora Status: NEW Severity: normal Priority: P5 Compon...

i created an ipset and added 8.8.8.8 to it and used the same iptables working all summer long but ?i can still ping 8.8.8.8 and do nslookup queries against it. ipset or iptables is broken. Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and actually tested that IP addresses that are supposed to...

I haven''t debugged this enough to understand what is happening, but I observe the following: someipset = bitmap:ip,mac 1) br0:+someipset 2) br0:+someipset[2] The first 1) doesn''t match anything in rules or tcrules, the second 2) matches fine. (Also using +someipset[1] doesn''t match anything) Is it possible/sensible/feasible to have shorewall figure out the ''arity of th...