similar to: Iptables not save rules

> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of John R Pierce > Sent: Sunday, September 11, 2016 10:44 PM > To: centos at centos.org > Subject: Re: [CentOS] Iptables not save rules > > On 9/11/2016 8:55 AM, TE Dukes wrote: > > I have been using ipset to blacklist badbots. Works like a champ! >

On 9/11/2016 8:55 AM, TE Dukes wrote: > I have been using ipset to blacklist badbots. Works like a champ! > > The only problem is if I do a system reboot, I lose the ipset and the rule. > > I changed /etc/sysconfig/iptables.conf to: > > IPTABLES_SAVE_ON_RESTART="yes" > IPTABLES_SAVE_ON_STOP="yes" > > And followed the instructions in: > >

> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Keith Keller > Sent: Sunday, August 28, 2016 4:23 PM > To: centos at centos.org > Subject: Re: [CentOS] .htaccess file > > On 2016-08-28, TE Dukes <tdukes at palmettoshopper.com> wrote: > > > > I'm just not following or understanding.

> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Keith Keller > Sent: Sunday, August 28, 2016 8:23 PM > To: centos at centos.org > Subject: Re: [CentOS] .htaccess file > > On 2016-08-28, TE Dukes <tdukes at palmettoshopper.com> wrote: > > I setup an ipset but quickly ran out of room in the

I don''t know what is happening, but every 36 hours or so I''ll go to ssh into my server and find that I can''t connect on any of the outside services. I then can connect into the box using a serial connection and find that shorewall reports that it is not running and the iptables are in some kind of default state which looks nothing like what I set it up with shorewall

On Sun, Aug 28, 2016 at 5:23 PM, Keith Keller <kkeller at wombat.san-francisco.ca.us> wrote: > On 2016-08-28, TE Dukes <tdukes at palmettoshopper.com> wrote: > >> Right now, I'm just trying to take some load off my >> home server from badbots but I am getting hit on other services as well. > > Another possibility for you to look at is sshguard. It can

Hi! I have a server running CentOS 7.7 (1908) with all current patches installed. I think this server should be a quite standard installation with no specialities On this server I have fail2ban with an apache and openvpn configuration. I'm using firewalld to manage the firewall rules. Fail2an is configured to use firewalld: [root at server ~]# ll /etc/fail2ban/jail.d/ insgesamt 12

http://bugzilla.netfilter.org/show_bug.cgi?id=773 Summary: iptables performance limits on # of rules using ipset Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: default AssignedTo: netfilter-buglog at lists.netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1726 Bug ID: 1726 Summary: invalid json generated by ipset list -output json Product: ipset Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: trivial Priority: P5 Component: default Assignee:

I haven''t debugged this enough to understand what is happening, but I observe the following: someipset = bitmap:ip,mac 1) br0:+someipset 2) br0:+someipset[2] The first 1) doesn''t match anything in rules or tcrules, the second 2) matches fine. (Also using +someipset[1] doesn''t match anything) Is it possible/sensible/feasible to have shorewall figure out the

On 2016-08-28, TE Dukes <tdukes at palmettoshopper.com> wrote: > I setup an ipset but quickly ran out of room in the set. I guess I'll have > to setup multiple sets. I'm not familiar with ipsets, but from a quick Google search it seems like you can increase the size of an ipset (or make a new larger one and migrate your IPs to the new one). Multiple sets looks like it'd

This is what ipset can do for traffic on a home server that's not wanted on a slow 6MB DSL connection. http://palmettoshopper.com/httpd_traffic.jpg I only use my home server for zoneminder, testing my commercial website and streaming movies. Got tired of hackers looking for files that don't exist on my home server and non-complying robots. Check the drop in bandwidth. Setup up a

Hello, My home system on a DSL line is getting worn out by bad behavior robots. Awhile back, I created a .htaccess file that block countries by IP blocks. Its 2MB in size. I have been running Linux since Slackware 1.0 and moved to Redhat around 2.0. I started after running a BBS using a doorway for newsgroups. Been hooked ever since. So, today, I tried following the directions for

I have been using shorewall for years with ipsets. I have encountered a problem after upgrading from 4.2.11 to 4.4.10. When I run ''shorewall-check'' or ''shorewall start'', it halts with the error: ---------------------------------------------------------------------- ERROR: ipset names in Shorewall configuration files require Ipset Match in your kernel and

http://bugzilla.netfilter.org/show_bug.cgi?id=640 Summary: ipset-4.2 : ipset -T <some_setlist> <address> always negative Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P1 Component: default AssignedTo:

I want to use the ipset-service to store ipsets persistently across boots. (For use by iptables rules. firewalld has direct support for persistent ipsets but I need the more general capability of raw iptables.) I'm using a kernel with ipsets compiled in, rather than loaded as a module. The support script that saves ipsets checks if the module is loaded before saving and finds nothing, so

Hello, I have ipsets setup with a set of ip address that are badbots that won't comply with robots.txt This is a home server and these are most likely up to no good. I came up with a script to extract ip address from my access_log then another script to take ips and import them into my blacklist set. (see my scripts in the .htaccess thread) I can set these up as cron jobs but I'm not

On Fri, 12 Apr 2019, mj wrote: > What we do is: use https://github.com/trick77/ipset-blacklist to block IPs > (from various existing blacklists) at the iptables level using an ipset. "www.blocklist.de" is a nifty source. Could you suggest other publically available blacklists? > That way, the known bad IPs never even talk to dovecot, but are dropped > immediately. We

-------- Original Message -------- Subject: Re: [CentOS] ipset and blacklisting From: "Albert McCann" <mac358 at newsguy.com> Date: Wed, September 21, 2016 5:34 am To: "'CentOS mailing list'" <centos at centos.org> How are you saving and reloading the ipsets over a reboot? > -----Original Message----- > From: centos-bounces at centos.org

hi i''ve created an emergingthreats fwrules ipset updater for use with my shorewall. maybe others find this usefull too. short howto: * get bash script (emerging-ipset-update.txt) from http://doc.emergingthreats.net/bin/view/Main/EmergingFirewallRules * add the configured ipsets to shorewall configfile "blacklist" * if not already configured: configure your interfaces for