similar to: ipset not actually blocking

Appears the iptables update 1.4.7-14 which came with CentOS6 r6 is the most likely culprit. The solution for now is: delete ',dst' from the iptables INPUT chain delete 'src,' from the iptables OUTPUT chain. On Mon, Dec 8, 2014 at 5:39 PM, Rob Townley <rob.townley at gmail.com> wrote: > i created an ipset and added 8.8.8.8 to it and used the same iptables > working

Anybody on here successfully get ipset iptables sets to work _after_ a reboot? My question on StackExchange http://unix.stackexchange.com/questions/149536/upon-bootup-all-iptables-are-lost-because-the-kernel-module-ip-set-is-not-loade Some of the things that need to be in place, otherwise iptables does not load: 1.) The kernel module ip_set needs to be loaded. 2.) The "sets" need to be

https://bugzilla.netfilter.org/show_bug.cgi?id=1719 Bug ID: 1719 Summary: ipset wrongly blocking undefined ranges and not blocking ranges that are defined Product: ipset Version: unspecified Hardware: All OS: RedHat Linux Status: NEW Severity: critical Priority: P5

http://bugzilla.netfilter.org/show_bug.cgi?id=783 Summary: ipset fails to parse port names with hyphen for bitmap:port type Product: ipset Version: unspecified Platform: All OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: default AssignedTo:

ipset on CentOS6 comes with /etc/rc.d/init.d/ipset so that "service ipset reload" can be used to (re)load the configuration. CentOS7 doesn't come with an equivalent for systemd: # systemctl reload ipset.service Failed to issue method call: Unit ipset.service failed to load: No such file or directory. # systemctl start ipset.service Failed to issue method call: Unit ipset.service

Hi all I have a CentOS6 box with shorewall-4.5.21. If I have IPSET= in shorewall.conf and I issue the command "shorewall add ppp:192.168.33.3 ptp", I get the error: /usr/share/shorewall/lib.cli: line 585: [: too many arguments ERROR: Zone ptp, interface ppp does not have a dynamic host list The error is corrected setting the actual path to ipset in shorewall.conf, or via the patch:

http://bugzilla.netfilter.org/show_bug.cgi?id=640 Summary: ipset-4.2 : ipset -T <some_setlist> <address> always negative Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P1 Component: default AssignedTo:

https://bugzilla.netfilter.org/show_bug.cgi?id=1726 Bug ID: 1726 Summary: invalid json generated by ipset list -output json Product: ipset Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: trivial Priority: P5 Component: default Assignee:

http://bugzilla.netfilter.org/show_bug.cgi?id=733 Summary: ipset restore won't restore from output of ipset save Product: ipset Version: unspecified Platform: All OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: default AssignedTo: netfilter-buglog at

-------- Original Message -------- Subject: Re: [CentOS] ipset and blacklisting From: "Albert McCann" <mac358 at newsguy.com> Date: Wed, September 21, 2016 5:34 am To: "'CentOS mailing list'" <centos at centos.org> How are you saving and reloading the ipsets over a reboot? > -----Original Message----- > From: centos-bounces at centos.org

https://bugzilla.netfilter.org/show_bug.cgi?id=880 Summary: ipset doesn't refresh the timeout for an existing entry when the table is FULL. Product: ipset Version: unspecified Platform: x86_64 OS/Version: Fedora Status: NEW Severity: normal Priority: P5 Component: default

http://bugzilla.netfilter.org/show_bug.cgi?id=719 Summary: ipset restore fails randomly Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: critical Priority: P3 Component: default AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy:

https://bugzilla.netfilter.org/show_bug.cgi?id=1750 Bug ID: 1750 Summary: 'ipset save' does not save in format loadable by systemd (it saves in 'ipset list' format) Product: ipset Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal

https://bugzilla.netfilter.org/show_bug.cgi?id=1328 Bug ID: 1328 Summary: Please allow ipset add and del via the /proc/net/xt_ipset mechanism Product: ipset Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component:

I've just started experimenting with ipset under CentOS 6, and have found what appears to be a bug (or poor design) in the init scripts for ipset, /etc/rc.d/init.d/ipset In stop(), save() and status(), it does lsmod to check for the existence of the ip_set module. If the module is not found, it exits without performing any action. This doesn't take account of a kernel where the ip_set

I have been using shorewall for years with ipsets. I have encountered a problem after upgrading from 4.2.11 to 4.4.10. When I run ''shorewall-check'' or ''shorewall start'', it halts with the error: ---------------------------------------------------------------------- ERROR: ipset names in Shorewall configuration files require Ipset Match in your kernel and

http://bugzilla.netfilter.org/show_bug.cgi?id=773 Summary: iptables performance limits on # of rules using ipset Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: default AssignedTo: netfilter-buglog at lists.netfilter.org

http://bugzilla.netfilter.org/show_bug.cgi?id=709 Summary: Update docs / man page for latest ipset versions Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P3 Component: default AssignedTo: netfilter-buglog at lists.netfilter.org

I want to use the ipset-service to store ipsets persistently across boots. (For use by iptables rules. firewalld has direct support for persistent ipsets but I need the more general capability of raw iptables.) I'm using a kernel with ipsets compiled in, rather than loaded as a module. The support script that saves ipsets checks if the module is loaded before saving and finds nothing, so

https://bugzilla.netfilter.org/show_bug.cgi?id=838 Summary: ipset add foo syslog fails for bitmap:port Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: default AssignedTo: netfilter-buglog at lists.netfilter.org