Hello,
I have been using ipset to blacklist badbots. Works like a champ!
The only problem is if I do a system reboot, I lose the ipset and the rule.
I changed /etc/sysconfig/iptables.conf to:
IPTABLES_SAVE_ON_RESTART="yes"
IPTABLES_SAVE_ON_STOP="yes"
And followed the instructions in:
https://www.centos.org/forums/viewtopic.php?t=3853
The changes are still not saved.
The rules show up in the running /etc/sysconfig/iptables but are lost on a reboot.
Also, firewalld is not installed. This is a CentOS 6.8 system.
One question, do I need to stop iptables before I add the rules? I have seen examples where sometimes they do and sometimes they don't.
TIA
On 9/11/2016 8:55 AM, TE Dukes wrote:
> I have been using ipset to blacklist badbots. Works like a champ!
> The only problem is if I do a system reboot, I lose the ipset and the rule.
> I changed /etc/sysconfig/iptables.conf to:
> IPTABLES_SAVE_ON_RESTART="yes"
> IPTABLES_SAVE_ON_STOP="yes"
> And followed the instructions in:
> https://www.centos.org/forums/viewtopic.php?t=3853
> The changes are still not saved.
wild guess says, you need to ...
chkconfig ipset on
service ipset start
and when you change ipset stuff,
service ipset save
but I'm just guessing, I've never used ipsets.
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of John R Pierce
Sent: Sunday, September 11, 2016 10:44 PM
To: centos@centos.org
Subject: Re: [CentOS] Iptables not save rules
> On 9/11/2016 8:55 AM, TE Dukes wrote:
> > I have been using ipset to blacklist badbots. Works like a champ!
> > The only problem is if I do a system reboot, I lose the ipset and the rule.
> > I changed /etc/sysconfig/iptables.conf to:
> > IPTABLES_SAVE_ON_RESTART="yes"
> > IPTABLES_SAVE_ON_STOP="yes"
> > And followed the instructions in:
> > https://www.centos.org/forums/viewtopic.php?t=3853
> > The changes are still not saved.
> wild guess says, you need to ...
> chkconfig ipset on
> service ipset start
> and when you change ipset stuff,
> service ipset save
> but I'm just guessing, I've never used ipsets.
> -- john r pierce, recycling bits in santa cruz
[Thomas E Dukes] THANKS!!
I did not realize ipset was running as a service.
Been trying to figure out what was wrong for a couple weeks.
Only way to know is to do a reboot and see what happens. Ipset save xxxxxx apparently doesn't really do anything.
Thanks, again!!
On Tue, Sep 13, 2016 at 08:16:28AM -0400, TE Dukes wrote:
> [Thomas E Dukes] THANKS!!
> I did not realize ipset was running as a service.
> Been trying to figure out what was wrong for a couple weeks.
> Only way to know is to do a reboot and see what happens. Ipset save xxxxxx apparently doesn't really do anything.
No, but
ipset save blacklist > blacklist.save
might.
jl
On Tue, 13 Sep 2016, TE Dukes wrote:
> [Thomas E Dukes] THANKS!!
> I did not realize ipset was running as a service.
> Been trying to figure out what was wrong for a couple weeks.
> Only way to know is to do a reboot and see what happens. Ipset save xxxxxx apparently doesn't really do anything.
> Thanks, again!!
John R Pierce's wild guesses are exactly right.
ipset is NOT running as a "traditional" service, however:
service ipset start|stop|save
load and save ipsets for you automagically.
Notice that it's "service ipset save" not "ipset save xxxx" as you had typed.
Finally, and this is a bit of a corner case, but "service ipset save" won't work if you don't have the "ip_set" kernel module loaded, that is, if your environment has the kernel modules compiled into the kernel. See lines 123 and 124 of /etc/rc.d/init.d/ipset.
Easiest thing for me is to just comment out those two lines; however, I need to remember to comment them out again when the ipset rpm is updated.
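As an alternative to rebooting to find out whether the sets were saved, here is an added example (not part of the thread or of the ipset package) that checks that every set the saved iptables rules reference with `--match-set` also appears in the saved ipset data. The paths /etc/sysconfig/iptables and /etc/sysconfig/ipset are assumptions about where the two services keep their saved state; the set names, addresses and file contents below are constructed sample data.

```shell
#!/bin/sh
# Added example: pre-reboot consistency check between saved iptables rules
# and saved ipset data. On a real host the two files are assumed to be
# /etc/sysconfig/iptables and /etc/sysconfig/ipset.

# Set names used via "--match-set NAME" in an iptables-save file.
referenced_sets() {
    awk '!/^#/ { for (i = 1; i < NF; i++) if ($i == "--match-set") print $(i + 1) }' "$1" | sort -u
}

# Set names defined by "create NAME ..." lines in "ipset save" output.
saved_sets() {
    awk '$1 == "create" { print $2 }' "$1" | sort -u
}

# Print referenced-but-unsaved set names (space separated); status 1 if any.
missing_sets() {
    missing=""
    for name in $(referenced_sets "$1"); do
        saved_sets "$2" | grep -qxF -- "$name" || missing="$missing$name "
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "${missing% }"
    return 1
}

# Constructed sample data standing in for the two saved files.
demo_dir=$(mktemp -d)
cat > "$demo_dir/iptables" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m set --match-set blacklist src -j DROP
-A INPUT -m set --match-set scanners src -j DROP
COMMIT
EOF
cat > "$demo_dir/ipset" <<'EOF'
create blacklist hash:ip family inet hashsize 1024 maxelem 65536
add blacklist 192.0.2.10
add blacklist 198.51.100.7
EOF

if out=$(missing_sets "$demo_dir/iptables" "$demo_dir/ipset"); then
    echo "OK: all referenced sets are saved"
else
    echo "NOT SAVED: $out (run 'service ipset save' before rebooting)"
fi
```

On a real system, call `missing_sets` with the two saved files after running `service ipset save` and `service iptables save`.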