ipset persistent How to guide.... Replace fail2ban if you want.....

by PROBLEMCHYLD from LinuxQuestions.org on (#58VMR)
Create a log file named intruders. The file will log any IP address that tries to connect to the system. Everyone uses different methods to log, so I'm skipping this part.

Make sure the IP addresses are on single lines, like so:

1.2.3.4
5.6.7.8
9.10.11.12

etc....

Create an ipset rule

ipset create intruders hash:ip family inet hashsize 2048 maxelem 131072

Download lsb-base_4.1+Debian13+nmu1_all.deb

http://ftp.debian.org/debian/pool/main/l/lsb/

Extract the package and then extract data.tar.xz

Copy the lsb folder to the /lib/ directory on Slackware (/lib/lsb/init-functions.d/)

Download ipset-persistent

https://sourceforge.net/projects/ips...sistent/files/

Extract the .tgz file

Copy ipset-persistent to /etc/init.d/ and make it executable,

then add the lines below to it, like so:

IPT=/usr/sbin/iptables
$IPT -I INPUT 14 -m set --match-set intruders src,dst -j DROP
$IPT -A FORWARD -m set --match-set intruders src,dst -j DROP

#!/bin/sh

### BEGIN INIT INFO
# Provides: ipset-persistent
# Required-Start: mountkernfs $local_fs
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# X-Start-Before: $network iptables-persistent
# X-Stop-After: $network
# Short-Description: Set up ipset rules
# Description: Loads/saves current ipset rules from/to /etc/iptables
# to provide a persistent rule set during boot time
### END INIT INFO

. /lib/lsb/init-functions

rc=0

IPSET=/usr/sbin/ipset
IPT=/usr/sbin/iptables

load_rules()
{
    if [ ! -x "$IPSET" ]; then
        log_action_cont_msg " skipping ipset-persistent ($IPSET not exist)"
    else
        log_action_begin_msg "Loading ipset rules"
        if [ ! -f /etc/iptables/ipset.save ]; then
            log_action_cont_msg " skipping ipset-persistent (no rules to load )"
        else
            log_action_cont_msg "ipset"
            $IPSET destroy
            # Record a failure from any step, not only the last command.
            $IPSET restore < /etc/iptables/ipset.save 2> /dev/null || rc=1
            # Change to suit you (for example the INPUT rule position, 14 here).
            $IPT -I INPUT 14 -m set --match-set intruders src,dst -j DROP || rc=1
            $IPT -A FORWARD -m set --match-set intruders src,dst -j DROP || rc=1
        fi
    fi

    log_action_end_msg $rc
}

Add to rc.local

if [ -x /etc/init.d/ipset-persistent ]; then
/etc/init.d/ipset-persistent start
fi

Add to rc.local_shutdown

if [ -x /etc/init.d/ipset-persistent ]; then
/etc/init.d/ipset-persistent save
fi

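Create a script named ipset-intruders

and add the following to the script:

#!/bin/sh
# Add every address in the log to the intruders set.
while read -r ip; do
    /usr/sbin/ipset add intruders -exist "$ip"
    # Remove this address from the set again (change it to suit your system).
    /usr/sbin/ipset del intruders -exist 192.168.43.10
    sleep 3
done < /home/problemchyld/.intruders/intruders.log
exit 0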

Place the script in /etc/init.d/ and make it executable.
Add the script to a cron job for however many seconds or minutes. I use 3 seconds because I get blocked when I VPN tunnel in.

Of course you will have to change everything to your system.

The intruders list is in real time, so the intruder will be blocked instantly.

I did create a package with src2pkg because IDK how to make SlackBuilds. So I just installed the package and everything is set for me.

Sorry I'm not the greatest at writing tutorials.
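A variant of the ipset-intruders loop, added here as an example (it is not the original post's script): it checks that each log line is a single IPv4 address, skips an allowlist, and loads the result with one ipset restore call instead of one ipset call per line. The ALLOWLIST variable, the function names and the --apply switch are assumptions of this example, and the sample log is constructed.

```shell
#!/bin/sh
SET_NAME=intruders            # set name used in the post
ALLOWLIST="192.168.43.10"     # never block these (the address the post deletes)

# Succeed only for a single dotted-quad IPv4 address, octets 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || return 1
    done
}

# Read the log on stdin and print de-duplicated "add" lines in ipset restore
# format. Rejected lines are reported by line number only, never echoed back.
build_batch() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        ip=$(printf '%s' "$line" | tr -d '\r')
        [ -z "$ip" ] && continue
        if ! is_ipv4 "$ip"; then
            echo "line $n: not a single IPv4 address, skipped" >&2
            continue
        fi
        case " $ALLOWLIST " in *" $ip "*) continue ;; esac
        echo "add $SET_NAME $ip"
    done | LC_ALL=C sort -u
}

# Constructed sample log: a duplicate, the allowlisted address, a bad octet,
# a CIDR range and a line with trailing text.
sample_log() {
    printf '%s\n' 1.2.3.4 5.6.7.8 1.2.3.4 192.168.43.10 999.1.1.1 \
        10.0.0.0/8 '5.6.7.8 extra'
}

case "${1:-}" in
    --apply) build_batch < "$2" | /usr/sbin/ipset -exist restore ;;  # needs root
    *)       sample_log | build_batch ;;                             # dry run
esac
```

Run it without arguments for a dry run on the sample; with --apply followed by the log path it pipes the batch into ipset, which needs root and an existing intruders set.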