New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot create ipsets in kernel, tried iprange and update-ipsets #37
Comments
Tried to enable the list once again: And got an error once again: May 8 22:11:16 atom update-ipsets.sh[16824]: iblocklist_org_microsoft: Enabling iblocklist_org_microsoft... |
Well, following solved an issue: Manually deleted files in: Then executed following commands: ipset destroy ipset list now displays many subnets as expected Please suggest what is correct method to populate ipsets after reboot? |
Hi, you can use ipset directly from firehol.conf. Check this: https://github.com/firehol/firehol/wiki/Working-with-IPSETs If you don't user firehol, you can use Once an ipset is loaded into the kernel |
Hi Costa Tsaousis, May be someone can be interested in following functions for Firehol to block some unwanted traffic to spynet networks:
|
And following scripts for restarting Firehol: restart.sh:
|
Please let me know where can I download an up to date full list of subnets of an organization like Akamai? I would like to block their addresses only for a one of my hosts which does not browse any sites, so connections to Akamai network is unwanted on the host. Where can I download a text file with complete list of Akamai subnets? |
I am not sure they disclose their IP address space. It would be a security flaw for them to do this (since, they would be exposed to DDoS). Anyway, you will have to check their site. |
Some googling reveals following list: |
Complete list for any organization is available at: |
Hello,
I use your excellent Firehol script for over 10 years already, it is very good, exceptional convenience.
Recently I began to find how I can block some unwanted connections.
Phil kindly pointed me to ipset and iprange.
I have installed the latest versions of your scripts from github on my Debian v8 system, upgraded all distro packages too before building Firehol.
Unfortunately I cannot add any IPs to kernel ipset. I tried iprange and update-ipsets.
Can you please point me to several examples of how to generate ipsets by iprange and update-ipsets?
I tried:
ipset destroy
update-ipsets enable iblocklist_org_microsoft
update-ipsets
ipset list - displays empty
Got following in the syslog:
May 8 21:05:35 atom update-ipsets.sh[18989]: INFO: iblocklist_org_microsoft: 9126545/727 mins passed, downloading...
May 8 21:05:37 atom update-ipsets.sh[18989]: INFO: iblocklist_org_microsoft: HTTP/200 OK
May 8 21:05:37 atom update-ipsets.sh[18989]: SAVED: iblocklist_org_microsoft: no need to load ipset in kernel
Then
ipset create iblocklist_org_microsoft hash:net
update-ipsets
ipset list - still displays empty
Please suggest, what am I doing wrong?
The text was updated successfully, but these errors were encountered: