Forums

ddd
ddd
Offline
ClearOS Feature Request

where can i find ipset

Resolved
0 votes
I installed version 6.6 and am wanting to use ipset for blocking incoming connections but ipset isn't installed, is there a yum repository that has it? Is there a rpm that does an install? or do I need to get a centos package and install?
Sunday, July 19 2015, 08:07 PM
Share this post:
Responses (11)
  • Accepted Answer

    ddd
    ddd
    Offline
    Thursday, October 08 2015, 12:33 AM - #Permalink
    Resolved
    0 votes
    Dave's answer of July 22 is what worked for me though I did have a little trouble getting access to the clearos-core
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, October 07 2015, 06:03 PM - #Permalink
    Resolved
    0 votes
    If you are interested there are a couple of long threads:Country blocking and blocking with ET block lists. I now use modified forms of these scripts but have not updated the main posts. You may find some of the error checking OTT and on my server I've removed a lot the irrelevant bits. I've also changed how they work a bit so they behave better under start up.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, October 07 2015, 05:32 PM - #Permalink
    Resolved
    0 votes
    Thanks,
    I won't have access to that server till Monday so I'll try it then get back to you.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, October 07 2015, 05:17 PM - #Permalink
    Resolved
    0 votes
    Sorry:
    modprobe ip_set
    You can then check with:
    lsmod | grep ip_set
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, October 07 2015, 04:36 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    modprobe ipset


    I did that but nothing changed.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, October 07 2015, 04:11 PM - #Permalink
    Resolved
    0 votes
    modprobe ipset
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, October 07 2015, 04:02 PM - #Permalink
    Resolved
    0 votes
    Hey guys,
    I've gone through this thread but I see nowhere explaining how to get ipset working on my 6.6 installation.
    I did:
    yum --enablerepo=clearos-core install ipset
    and it downloaded and installed the ipset command. But it did nothing about the kernel modules.
    When I run ipset, as in:
    ipset --create test nethash
    I get:
    ipset v6.11: cannot open session to kernel

    So what do I do from there?:(
    The reply is currently minimized Show
  • Accepted Answer

    ddd
    ddd
    Offline
    Thursday, August 06 2015, 02:24 AM - #Permalink
    Resolved
    0 votes
    Ipset is indeed in clears-core I just wasn't able to access the repository that day ... thanks for your help!
    The reply is currently minimized Show
  • Accepted Answer

    ddd
    ddd
    Offline
    Sunday, July 26 2015, 11:10 PM - #Permalink
    Resolved
    0 votes
    Thank you all for responding, I located the country scripts etc. but upon trying to run found there is no ipset on my community 6 installation, couldn't find install info on ipset by searching the forum, no luck yum'ing around for it hence my post.

    having a wee bit of trouble getting at the core repo ...

    http://mirror1-orem.clearsdn.com/clearos/core/6/i386/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 403 Forbidden"
    Trying other mirror.
    Error: Cannot retrieve repository metadata (repomd.xml) for repository: clearos-core. Please verify its path and try again

    there is only the community directory under the clearos/ directory at the mirror url

    do I have to get the ipset source and build it?
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, July 22 2015, 04:32 PM - #Permalink
    Resolved
    0 votes
    @Dave, Where have you been?! Try searching the forums for ipset. There is a country blocking script and at least another using Emerging Threats blocklists. I use it extensively. I also parse some of the ET rules such as the one with TOR exit points and fire those into an ipset set I use for blocking. It works fine. The only issue I've seen is problems deleting firewall rules with ipset matches where it seems to fail, so I don't use ipset rules with fail2ban.

    @ddd, remember you need to "modprobe ipset" before it will work.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, July 22 2015, 04:18 PM - #Permalink
    Resolved
    0 votes
    DISCLAIMER: I have no idea how this package interacts with the ClearOS firewall. ClearOS doesn't use the standard mechanism that CentOS uses for firewalling although we do use IP tables. It may be as simple as installing ipset and then creating rules in /etc/clearos/firewall.d/local or /etc/clearos/firewall.d/custom. I have no idea but would be interested in feedback from your testing and implementation.

    Here is how to install the package from command line in ClearOS:
    yum --enablerepo=clearos-core install ipset

    Here is a useful article on the subject:
    http://blog.ls20.com/securing-your-server-using-ipset-and-dynamic-blocklists/
    The reply is currently minimized Show
Your Reply