similar to: ipsets/iptables question

> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Keith Keller > Sent: Sunday, August 28, 2016 4:23 PM > To: centos at centos.org > Subject: Re: [CentOS] .htaccess file > > On 2016-08-28, TE Dukes <tdukes at palmettoshopper.com> wrote: > > > > I'm just not following or understanding.

-------- Original Message -------- Subject: Re: [CentOS] ipset and blacklisting From: "Albert McCann" <mac358 at newsguy.com> Date: Wed, September 21, 2016 5:34 am To: "'CentOS mailing list'" <centos at centos.org> How are you saving and reloading the ipsets over a reboot? > -----Original Message----- > From: centos-bounces at centos.org

> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Keith Keller > Sent: Sunday, August 28, 2016 8:23 PM > To: centos at centos.org > Subject: Re: [CentOS] .htaccess file > > On 2016-08-28, TE Dukes <tdukes at palmettoshopper.com> wrote: > > I setup an ipset but quickly ran out of room in the

> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of John R Pierce > Sent: Sunday, September 11, 2016 10:44 PM > To: centos at centos.org > Subject: Re: [CentOS] Iptables not save rules > > On 9/11/2016 8:55 AM, TE Dukes wrote: > > I have been using ipset to blacklist badbots. Works like a champ! >

On 2016-08-28, TE Dukes <tdukes at palmettoshopper.com> wrote: > I setup an ipset but quickly ran out of room in the set. I guess I'll have > to setup multiple sets. I'm not familiar with ipsets, but from a quick Google search it seems like you can increase the size of an ipset (or make a new larger one and migrate your IPs to the new one). Multiple sets looks like it'd

Hello, I have been using ipset to blacklist badbots. Works like a champ! The only problem is if I do a system reboot, I lose the ipset and the rule. I changed /etc/sysconfig/iptables.conf to: IPTABLES_SAVE_ON_RESTART="yes" IPTABLES_SAVE_ON_STOP="yes" And followed the instructions in: https://www.centos.org/forums/viewtopic.php?t=3853 The changes are still not saved.

On 9/11/2016 8:55 AM, TE Dukes wrote: > I have been using ipset to blacklist badbots. Works like a champ! > > The only problem is if I do a system reboot, I lose the ipset and the rule. > > I changed /etc/sysconfig/iptables.conf to: > > IPTABLES_SAVE_ON_RESTART="yes" > IPTABLES_SAVE_ON_STOP="yes" > > And followed the instructions in: > >

> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Keith Keller > Sent: Monday, August 29, 2016 7:39 PM > To: centos at centos.org > Subject: Re: [CentOS] .htaccess file > > On 2016-08-29, TE Dukes <tdukes at palmettoshopper.com> wrote: > >> > >> Can you be more specific about the

Hello, My home system on a DSL line is getting worn out by bad behavior robots. Awhile back, I created a .htaccess file that block countries by IP blocks. Its 2MB in size. I have been running Linux since Slackware 1.0 and moved to Redhat around 2.0. I started after running a BBS using a doorway for newsgroups. Been hooked ever since. So, today, I tried following the directions for

On Sun, Aug 28, 2016 at 5:23 PM, Keith Keller <kkeller at wombat.san-francisco.ca.us> wrote: > On 2016-08-28, TE Dukes <tdukes at palmettoshopper.com> wrote: > >> Right now, I'm just trying to take some load off my >> home server from badbots but I am getting hit on other services as well. > > Another possibility for you to look at is sshguard. It can

https://bugzilla.netfilter.org/show_bug.cgi?id=1234 Bug ID: 1234 Summary: iptables match-set with multiple ipsets doesn't work Product: iptables Version: 1.4.x Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: iptables Assignee:

This is what ipset can do for traffic on a home server that's not wanted on a slow 6MB DSL connection. http://palmettoshopper.com/httpd_traffic.jpg I only use my home server for zoneminder, testing my commercial website and streaming movies. Got tired of hackers looking for files that don't exist on my home server and non-complying robots. Check the drop in bandwidth. Setup up a

http://bugzilla.netfilter.org/show_bug.cgi?id=773 Summary: iptables performance limits on # of rules using ipset Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: default AssignedTo: netfilter-buglog at lists.netfilter.org

I have been using shorewall for years with ipsets. I have encountered a problem after upgrading from 4.2.11 to 4.4.10. When I run ''shorewall-check'' or ''shorewall start'', it halts with the error: ---------------------------------------------------------------------- ERROR: ipset names in Shorewall configuration files require Ipset Match in your kernel and

http://bugzilla.netfilter.org/show_bug.cgi?id=640 Summary: ipset-4.2 : ipset -T <some_setlist> <address> always negative Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P1 Component: default AssignedTo:

http://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 ftp://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 WARNING: This is a development release and may be unstable New Features in version 2.3.0 1) Shorewall 2.3.0 supports the ''cmd-owner'' option of the owner match facility in Netfilter. Like all owner match options, ''cmd-owner'' may only be applied to

I haven''t debugged this enough to understand what is happening, but I observe the following: someipset = bitmap:ip,mac 1) br0:+someipset 2) br0:+someipset[2] The first 1) doesn''t match anything in rules or tcrules, the second 2) matches fine. (Also using +someipset[1] doesn''t match anything) Is it possible/sensible/feasible to have shorewall figure out the

I want to use the ipset-service to store ipsets persistently across boots. (For use by iptables rules. firewalld has direct support for persistent ipsets but I need the more general capability of raw iptables.) I'm using a kernel with ipsets compiled in, rather than loaded as a module. The support script that saves ipsets checks if the module is loaded before saving and finds nothing, so

Hi! I have a server running CentOS 7.7 (1908) with all current patches installed. I think this server should be a quite standard installation with no specialities On this server I have fail2ban with an apache and openvpn configuration. I'm using firewalld to manage the firewall rules. Fail2an is configured to use firewalld: [root at server ~]# ll /etc/fail2ban/jail.d/ insgesamt 12

https://bugzilla.netfilter.org/show_bug.cgi?id=1750 Bug ID: 1750 Summary: 'ipset save' does not save in format loadable by systemd (it saves in 'ipset list' format) Product: ipset Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal