
Create ipset-blacklist.service

Open marcolinuz opened this issue 7 years ago • 2 comments

Hello, this is a simple systemd service configuration file to automatically activate the blacklist at system reboot. It can also be used to start and stop the blacklist on demand with the commands: systemctl start ipset-blacklist and systemctl stop ipset-blacklist

All you need to do to activate the service is to put this file in your /etc/systemd/system directory and run the command: systemctl enable ipset-blacklist.service

Best regards.

marcolinuz, Oct 24 '17 09:10

This unit file needs to be started before netfilter-persistent.

```ini
[Unit]
Description=Enable IP Blacklist firewall blocking on System Startup
#After=network.target lxc.service
Before=network-pre.target netfilter-persistent.service
Wants=network-pre.target
Documentation=man:ipset man:iptables

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/etc/ipset-blacklist
ExecStartPre=/sbin/ipset restore -f /etc/ipset-blacklist/ip-blacklist.restore
ExecStart=/sbin/iptables -I INPUT 1 -m set --match-set blacklist src -j DROP
# Delete by rule specification: -D takes either a rule number or a full
# specification (including the -j target), not both.
ExecStop=/sbin/iptables -D INPUT -m set --match-set blacklist src -j DROP
ExecStopPost=/sbin/ipset destroy blacklist
Delegate=yes
StandardOutput=syslog
StandardError=syslog

[Install]
WantedBy=multi-user.target
```

Siggemada, Aug 17 '19 08:08

You could also add an auto-update routine every 24h.

AcckiyGerman, Feb 11 '20 12:02
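
One way to get the 24h refresh suggested above is a systemd timer paired with a oneshot update unit. This is an added example, not part of the thread or the project's own code. The unit names `ipset-blacklist-update.service` and `ipset-blacklist-update.timer` and the `/path/to/update-script` placeholder are assumptions; it also assumes the regenerated `ip-blacklist.restore` is safe to load into the live set.

```ini
# --- /etc/systemd/system/ipset-blacklist-update.service (hypothetical name) ---
[Unit]
Description=Refresh the ipset blacklist
# Refresh only while the blocking unit from this thread is active;
# Requisite= fails the job instead of starting that unit implicitly.
Requisite=ipset-blacklist.service
After=ipset-blacklist.service network-online.target
Wants=network-online.target

[Service]
Type=oneshot
# Placeholder: whatever regenerates /etc/ipset-blacklist/ip-blacklist.restore.
# If it fails, the next line is skipped and the live set stays untouched.
ExecStart=/path/to/update-script
# -exist tolerates the "blacklist" set (and entries) already existing.
# Whether stale entries are dropped depends on how the restore file is written.
ExecStart=/sbin/ipset -exist restore -f /etc/ipset-blacklist/ip-blacklist.restore

# --- /etc/systemd/system/ipset-blacklist-update.timer (hypothetical name) ---
[Unit]
Description=Run the ipset blacklist refresh once a day

[Timer]
OnCalendar=daily
# Catch up after boot if the machine was off at the scheduled time.
Persistent=true
# Spread load so many hosts do not hit the list sources at the same moment.
RandomizedDelaySec=30min

[Install]
WantedBy=timers.target
```

Enable it with `systemctl enable --now ipset-blacklist-update.timer`, and use `systemctl list-timers` to confirm the next scheduled run.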