search for: ipsets

Displaying 20 results from an estimated 277 matches for "ipsets".

2015 Feb 17
3
Using "ipset" under CentOS7
ipset on CentOS6 comes with /etc/rc.d/init.d/ipset so that "service ipset reload" can be used to (re)load the configuration. CentOS7 doesn't come with an equivalent for systemd: # systemctl reload ipset.service Failed to issue method call: Unit ipset.service failed to load: No such file or directory. # systemctl start ipset.service Failed to issue method call: Unit ipset.service
2014 Aug 10
3
ipset module loaded at startup on CentOS 6.5
Anybody on here successfully get ipset iptables sets to work _after_ a reboot? My question on StackExchange http://unix.stackexchange.com/questions/149536/upon-bootup-all-iptables-are-lost-because-the-kernel-module-ip-set-is-not-loade Some of the things that need to be in place, otherwise iptables does not load: 1.) The kernel module ip_set needs to be loaded. 2.) The "sets" need to be
2016 Sep 13
2
Iptables not save rules
...> > > The changes are still not saved. > > wild guess says, you need to ... > > chkconfig on ipset > service ipset start > > and when you change ipset stuff, > > service ipset save > > > but I'm just guessing, I've never used ipsets. > > > -- > john r pierce, recycling bits in santa cruz [Thomas E Dukes] THANKS!! I did not realize ipset was running as a service. Been trying to figure out what was wrong for a couple weeks. Only way to know is to do a reboot and see what happens. Ipset save xxxxxx apparently doesn...
2016 Sep 21
1
ipset and blacklisting
-------- Original Message -------- Subject: Re: [CentOS] ipset and blacklisting From: "Albert McCann" <mac358 at newsguy.com> Date: Wed, September 21, 2016 5:34 am To: "'CentOS mailing list'" <centos at centos.org> How are you saving and reloading the ipsets over a reboot? > -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of TE Dukes > Sent: Tuesday, September 20, 2016 9:46 PM > To: 'CentOS mailing list' <centos at centos.org> > Subject: [CentOS] ipset an...
2011 Aug 02
3
[Bug 733] New: ipset restore won't restore from output of ipset save
http://bugzilla.netfilter.org/show_bug.cgi?id=733 Summary: ipset restore won't restore from output of ipset save Product: ipset Version: unspecified Platform: All OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: default AssignedTo: netfilter-buglog at
2024 Apr 20
3
[Bug 1750] New: 'ipset save' does not save in format loadable by systemd (it saves in 'ipset list' format)
.../issues/2 The current problem is simple. The `ipset save' command is not provided the 'save' format that is loadable by systemd when the system is started. Instead, it 'ipset save' mirrors the format provided by `ipset list'` which cannot be loaded by systemd to restore the ipsets at boot (or iptables stop/start, etc..) This does not match the documentation provided in man 8 ipset. There is a rather odd workaround that can produce the proper save format. That is to use the command: ipset -o save save > /etc/ipset.conf To say it is rather confusing to have to use `ipset...
2013 Dec 17
1
shorewall add fails with IPSET=
Hi all I have a CentOS6 box with shorewall-4.5.21. If I have IPSET= in shorewall.conf and I issue the command "shorewall add ppp:192.168.33.3 ptp", I get the error: /usr/share/shorewall/lib.cli: line 585: [: too many arguments ERROR: Zone ptp, interface ppp does not have a dynamic host list The error is corrected setting the actual path to ipset in shorewall.conf, or via the patch:
2010 Jun 17
4
shorewall 4.4.10 failing to start; won't recognize ipset "capability"
I have been using shorewall for years with ipsets. I have encountered a problem after upgrading from 4.2.11 to 4.4.10. When I run 'shorewall-check' or 'shorewall start', it halts with the error: ---------------------------------------------------------------------- ERROR: ipset names in Shorewall configuration...
2010 Mar 11
2
[Bug 640] New: ipset-4.2 : ipset -T <some_setlist> <address> always negative
...Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P1 Component: default AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: brendlerjg at gmail.com I have been using ipsets for years, but am attempting to implement a setlist for the first time, using version 4.2. I have created a setlist, including three ipsets (all of type nethash). I am trying to validate that it works before incorporating into my firewall. When I use 'ipset -T' to test whether a given ad...
2012 May 18
1
[Bug 788] New: Allow saving to/restoring from a file without shell redirection
...on the command line would be very useful, e.g something like: $ ipset save -of /etc/ipset/ipset.save $ ipset restore -if /etc/ipset/ipset.save ----- One such environment is systemd. I'm maintaining the ipset package in Fedora, and it would be nice to provide users a way to have their ipsets automatically restored at boot time, and saved at shutdown. In systemd, a unit file provides a command line to run in order to start or stop the service with the ExecStart and ExecStop directives. However, there's no input/output redirection available in systemd, so I can't use: ExecS...
2023 Dec 05
3
[Bug 1726] New: invalid json generated by ipset list -output json
...pairs are valid in a map/object (curly braces), but not an array (square braces). Popular JSON parsers fail on this: --- root at gir:~# ipset list -output json -name | jq . jq: parse error: ':' not as part of an object at line 2, column 8 --- This output looks even more odd when multiple ipsets are present. --- root at gir:~# ipset new test2 hash:ip root at gir:~# ipset list -output json -name [ "name" : "test" "name" : "test2" ] --- If the outer braces were curly, then this would have multiple instances of the same key at the same level. It'...
2017 Feb 08
3
[Bug 1119] New: Hash code evicting other entries upon entry deletion (v6.25.1-v6.30)
https://bugzilla.netfilter.org/show_bug.cgi?id=1119 Bug ID: 1119 Summary: Hash code evicting other entries upon entry deletion (v6.25.1-v6.30) Product: ipset Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: default
2012 Feb 28
6
[Bug 773] New: iptables performance limits on # of rules using ipset
...ts.netfilter.org ReportedBy: aas029 at yahoo.com Estimated Hours: 0.0 Observing significant degradation in latency and packet loss of pass-through traffic (FORWARD chain) when the number of iptables rules that use ipportiphash ipset matching exceeds 24 rules. This happens even when the ipsets themselves are empty or have just a few entries each. The following is a stripped down example to demonstrate the potential issue: - create X number of ipportiphash ipsets: ipset -N UDP-x ipportiphash --network 129.129.0.0/22 where x is from 1 to X - add X number of iptables rules each of which ma...
2016 Jul 29
2
[Bug 1081] New: /tmp/ccKT2Q7s.o: In function `help': ipset.c:(.text+0x27c): undefined reference to `ipset_envopts'
https://bugzilla.netfilter.org/show_bug.cgi?id=1081 Bug ID: 1081 Summary: /tmp/ccKT2Q7s.o: In function `help': ipset.c:(.text+0x27c): undefined reference to `ipset_envopts' Product: ipset Version: unspecified Hardware: i386 OS: Ubuntu Status: NEW Severity:
2012 Apr 26
2
[Bug 783] New: ipset fails to parse port names with hyphen for bitmap:port type
http://bugzilla.netfilter.org/show_bug.cgi?id=783 Summary: ipset fails to parse port names with hyphen for bitmap:port type Product: ipset Version: unspecified Platform: All OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: default AssignedTo:
2005 May 05
4
Shorewall 2.3.0
...#effective group "users". Note that this is not a particularly robust feature and I would never advertise it as a "Personal Firewall" equivalent. Using symbolic links, it's easy to alias command names to be anything you want. 2) Support has been added for ipsets (see http://people.netfilter.org/kadlec/ipset/). THIS FEATURE REQUIRES PATCHING YOUR KERNEL AND IPTABLES. In most places where an host or network address may be used, you may also use the name of an ipset prefaced by "+". Example: "+Mirrors" The name of the s...
2017 Jul 19
3
under some kind of attack
Hi Robert, On 07/18/2017 11:43 PM, Robert Schetterer wrote: > i guess not, but typical bots aren't using ssl, check it > > however fail2ban sometimes is too slow I have configured dovecot with auth_failure_delay = 10 secs I hope that before the 10 sec are over, dovecot will have logged about the failed login attempt, and fail2ban will have blocked the ip by then. MJ
2013 Dec 03
8
[Bug 880] New: ipset doesn't refresh the timeout for an existing entry when the table is FULL.
https://bugzilla.netfilter.org/show_bug.cgi?id=880 Summary: ipset doesn't refresh the timeout for an existing entry when the table is FULL. Product: ipset Version: unspecified Platform: x86_64 OS/Version: Fedora Status: NEW Severity: normal Priority: P5 Component: default
2014 Dec 08
2
ipset not actually blocking
i created an ipset and added 8.8.8.8 to it and used the same iptables working all summer long but i can still ping 8.8.8.8 and do nslookup queries against it. ipset or iptables is broken. Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and actually tested that IP addresses that are supposed to be blacklisted are actually blocked? Filed CentOS bug report 7977
2011 Jul 25
4
ipsets
I haven't debugged this enough to understand what is happening, but I observe the following: someipset = bitmap:ip,mac 1) br0:+someipset 2) br0:+someipset[2] The first 1) doesn't match anything in rules or tcrules, the second 2) matches fine. (Also using +someipset[1] doesn't match anything) Is it possible/sensible/feasible to have shorewall figure out the