Ipset firewall not working

hello!

I have created my own ipset list at a visible URL to put attackers' IPs in, and I have added it to the firewall. The problem is that I don't know if I'm doing something wrong, but the IPs I put there don't get blocked.

What steps do I have to follow to make it work?

ipset:mylist-blocklist-ipv4

Hi @servtelecom

How did you add the list?

yes

[ DROP ] mylist-blocklist-ipv4 TCP 0 ipset:mylist-blocklist-ipv4

No, I’m asking how you added the ipset list to Hestia; what you’re showing is how you added the rule to the firewall.

Show the output of these commands:

v-list-firewall-ipset plain | grep mylist-blocklist-ipv4
iptables -S | grep mylist-blocklist-ipv4

Show also the output of this command:

ipset list mylist-blocklist-ipv4 | head -n7

Name: mylist-blocklist-ipv4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x7dd62937
Size in memory: 456
References: 1
Number of entries: 0

Also show the two previous commands I asked for. But as you see, the number of entries is 0 so no ips in that list.


And what should I do so that it is not 0? I have added IPs, but it doesn't seem to synchronize them?

As I said, I need to know how you added the ipset. Show the output of these commands:

v-list-firewall-ipset plain | grep mylist-blocklist-ipv4
iptables -S | grep mylist-blocklist-ipv4

You have a duplicated IP in the list and ipset fails to add the IPs to the list.

Remove one of the 94.84.47.238 entries from your list.

My advice: once you add a new IP or IPs to the list, run something like this to remove duplicated ones and sort them (the sorting is optional).

awk -i inplace '!a[$0]++' /path/to/blocklist-ipv4.txt && sort -rV -o /path/to/blocklist-ipv4.txt /path/to/blocklist-ipv4.txt
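The one-liner above only removes exact duplicate lines. As an added example (not from the thread or from the Hestia project), the script below does the same deduplication but also strips comments and whitespace and drops anything that is not an IPv4 address or IPv4/CIDR, since a stray line in the file can make the ipset load fail just like a duplicate does (`ipset add` rejects an element that is already in the set unless it is run with `-exist`). The file path, the sample list and the function names are assumptions for the illustration.

```bash
#!/bin/sh
# Added example, not code from the thread or from Hestia: sanitize an ipset
# blocklist file before it is loaded, so duplicates or junk lines do not make
# the load fail and leave the set at "Number of entries: 0".
# Assumptions: one IPv4 address or IPv4/CIDR per line, '#' starts a comment;
# paths and function names are hypothetical.

# Print a cleaned copy of the list read from stdin: strip comments and blank
# lines, drop anything that is not a plain IPv4 address or IPv4/CIDR, remove
# duplicates (first occurrence wins) and sort numerically by octet.
clean_blocklist() {
    awk '
        # strip trailing comments and surrounding whitespace
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        {
            n = split($0, p, "/")
            if (n > 2) { bad++; next }
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) { bad++; next }
            if (split(p[1], o, ".") != 4) { bad++; next }
            ok = 1
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (!ok) { bad++; next }
            if (seen[$0]++) { dup++; next }
            print
        }
        END {
            printf "%d invalid, %d duplicate line(s) dropped\n", bad, dup > "/dev/stderr"
        }
    ' | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n
}

# Clean a list file in place, keeping a .bak copy, and print the number of
# entries that remain (compare it with "Number of entries" in `ipset list`).
clean_file() {
    cp "$1" "$1.bak" && clean_blocklist < "$1.bak" > "$1" && wc -l < "$1" | tr -d ' '
}

# Constructed sample list: a comment, a duplicate with a trailing comment,
# an octet out of range, a prefix out of range and an empty line.
sample_input() {
    printf '%s\n' \
        '# attackers seen in the auth log' \
        '94.84.47.238' \
        '203.0.113.0/24' \
        '94.84.47.238   # duplicate, would make the ipset load abort' \
        '198.51.100.7' \
        '256.1.1.1' \
        '203.0.113.0/33' \
        '' \
        '192.0.2.9/32'
}

# Usage on a real file: clean_file /path/to/blocklist-ipv4.txt
# Demo on the constructed sample: sample_input | clean_blocklist
```

After cleaning the file, reload the set (on Hestia, `v-update-firewall-ipset yes` as shown later in the thread) and check that `ipset list <name> | head -n7` now reports the same number of entries that `clean_file` printed.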

I just did it and it has already cleaned up several IPs.

I have re-executed the command and it is still at 0. Do I have to do something to synchronize it?

Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x7dd62937
Size in memory: 456
References: 1
Number of entries: 0

Usually you only need to wait until tonight, when the cron job will update the block lists, or execute this command:

v-update-firewall-ipset yes

If that doesn’t work, remove the ipset and add it again.


Perfect, now it’s working!

Thank you very much for everything!!
