UPDATE: Added optional saving of changed ipset sets on service stop.

UPDATE: Removed unnecessary `DefaultDependencies=no` line, which prevented ExecStop commands from running on shutdown/reboot.

Thanks to : Added `-exist` option, allowing correct service restart when IP sets are already in use by iptables.

The ipset command enables you to create and modify IP sets. First you need to set a name, storage method, and data type for your set, such as: `ipset create rangeset hash:net`. In this case, rangeset is the name, hash is the storage method, and net is the data type.

I could not find any standard solution for saving ipset rules together with iptables. Apparently, everybody who uses them has to create custom shell scripts for this task.

There are two most popular solutions for managing the firewall in Ubuntu/Debian:

- ufw - I don’t like it, but it is the default.
- iptables-persistent - if you are capable of writing firewall rules without crutches.

Using ipset with iptables has a subtlety: all sets should be defined before loading iptables rules that refer to them.

Also, you cannot destroy a set used by an iptables rule, and you cannot create a set with the same name as one in use. So you cannot just run `ipset restore -file myipset` if saved sets are already used by iptables.

The simplest approach is to create all ipset sets once before loading any iptables rules.
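The ordering constraint above can be checked before anything is loaded. The following is an added example, not the author's script: it lists sets that the iptables rules reference but the ipset save file never creates, then loads sets before rules. The file names `rules.v4` and `ipsets`, the set name `blocklist`, and all function names are assumptions.

```shell
#!/bin/sh
# Added example (constructed data): check that every set the rules reference
# is created in the ipset save file before anything is loaded.

# Set names referenced by rules: -m set --match-set, -j SET --add-set/--del-set.
referenced_sets() {
    awk '{ for (i = 1; i < NF; i++)
             if ($i == "--match-set" || $i == "--add-set" || $i == "--del-set")
                 print $(i + 1) }' "$1" | sort -u
}

# Set names defined in `ipset save` output ("create NAME TYPE ...").
defined_sets() {
    awk '$1 == "create" { print $2 }' "$1" | sort -u
}

# Print referenced-but-undefined sets, one per line; no output means OK.
missing_sets() {
    rules=$1; sets=$2
    referenced_sets "$rules" | while read -r name; do
        defined_sets "$sets" | grep -qxF -- "$name" || echo "$name"
    done
}

# Sets first (-exist tolerates sets already present), rules second. Needs root.
load_firewall() {
    missing=$(missing_sets "$1" "$2")
    if [ -n "$missing" ]; then
        echo "undefined ipset sets:" $missing >&2
        return 1
    fi
    ipset restore -exist -file "$2" && iptables-restore < "$1"
}

# Constructed sample files (hypothetical names rules.v4 / ipsets) in dir $1.
write_sample() {
    cat > "$1/rules.v4" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m set --match-set rangeset src -j DROP
-A INPUT -m set --match-set blocklist src -j DROP
COMMIT
EOF
    cat > "$1/ipsets" <<'EOF'
create rangeset hash:net family inet hashsize 1024 maxelem 65536
add rangeset 192.0.2.0/24
EOF
}
```

With the sample files, `missing_sets` reports `blocklist`, so `load_firewall` stops before `iptables-restore` would fail on the undefined set.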