IPSET and Sabayon

Lazydog

Been looking for a while now but haven't come up with anything. I'm hoping someone here might have an idea.

For some reason I cannot get IPSET to function correctly. By this I mean I can start and run the program; I just cannot create any DB with it.

Code:
etc # systemctl status ipset
● ipset.service - IP sets for iptables
   Loaded: loaded (/usr/lib/systemd/system/ipset.service; enabled; vendor preset: disabled)
   Active: active (exited) since Sat 2018-01-06 11:30:39 EST; 11min ago
  Process: 4881 ExecStop=/usr/libexec/ipset/ipset.start-stop stop (code=exited, status=0/SUCCESS)
  Process: 4923 ExecStart=/usr/libexec/ipset/ipset.start-stop start (code=exited, status=0/SUCCESS)
 Main PID: 4923 (code=exited, status=0/SUCCESS)

Jan 06 11:30:39 sabayon systemd[1]: Starting IP sets for iptables...
Jan 06 11:30:39 sabayon ipset.start-stop[4923]: Loaded with no configuration
Jan 06 11:30:39 sabayon systemd[1]: Started IP sets for iptables.



etc # ipset help
ipset v6.32

Usage: ipset [options] COMMAND

Commands:
create SETNAME TYPENAME [type-specific-options]
        Create a new set

etc # ipset create Block-Indefinite-4 hash:ip hashsize 4096
ipset v6.32: Kernel error received: Invalid argument

Thank you for your time.
 


Wish I could help, but you are way over my head. :confused::confused::D

Good luck!

Cheers
 
@Lazydog - Hi Robert :D. I am a bit in Stan's category, but I have a Sabayon in my stable.

I will have to run updates and have them tell me how hard they are working, lol.

I have some work to do on the Timeshift Tute, and starting tomorrow we sign a contract to sell our old house in 30 days & I am handling our legals, so I may be quite busy.

So if that is of any help, I can get you to steer me a little to where you are up to, and a fresh eye may be of assistance?

Cheers

Chris Turner
wizardfromoz
 
Thanks guys.

IPSET is used to create DBs of IP addresses. With these DBs I can then match my firewall rules against them like so:
Code:
-A INPUT -p tcp -m tcp -m set --match-set Block-Indefinite-4 src -j DROP
-A INPUT -p tcp -m tcp -m set --match-set Block-Temporary-4 src -j DROP

Now, instead of having many rules for IP addresses I don't want to give access to, I just add them to one of the DBs and they are blocked.

In the end I want to get Fail2ban up and working so that anyone trying to get access will first be dropped into Temporary and if they continue to try they are dropped into Indefinite.

But since I cannot get IPSET working I'm stopped in my tracks.
 
I've no experience with Sabayon/Gentoo, but it seems the kernel in use is not built with ipset support, or the needed modules were not loaded/enabled.
If there's a .config file, what's the output of:
Code:
grep CONFIG_IP_SET /usr/src/linux/.config
 
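
The check suggested in the reply above, extended as an added example (not part of the thread) to the three kernel options behind the commands posted here: `CONFIG_IP_SET` for the core, `CONFIG_IP_SET_HASH_IP` for `hash:ip` sets, and `CONFIG_NETFILTER_XT_SET` for the iptables `-m set` match. The function names and the sample config are constructed for illustration; pass a real path such as `/usr/src/linux/.config` as the first argument.

```shell
#!/bin/sh
# Added example (not from the thread): check a kernel .config for the options
# that `ipset create ... hash:ip` and the iptables `-m set` match depend on.

# Kernel symbols behind the commands shown in this thread.
REQUIRED_SYMBOLS="CONFIG_IP_SET CONFIG_IP_SET_HASH_IP CONFIG_NETFILTER_XT_SET"

# symbol_state FILE SYMBOL: print y (built in), m (module) or n (not set/absent).
symbol_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# check_config FILE: print SYMBOL=state per symbol; return 0 only if none is n.
check_config() {
    rc=0
    for sym in $REQUIRED_SYMBOLS; do
        state=$(symbol_state "$1" "$sym")
        echo "$sym=$state"
        if [ "$state" = n ]; then rc=1; fi
    done
    return "$rc"
}

# With no argument, run against a constructed sample config (assumption: a
# kernel built with netfilter but without IP set support).
if [ -n "${1:-}" ]; then
    cfg=$1
else
    cfg=$(mktemp)
    cat > "$cfg" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=m
# CONFIG_IP_SET is not set
EOF
fi

if check_config "$cfg"; then
    echo "all options enabled; anything built as a module (m) must be loadable"
else
    echo "option(s) missing: hash:ip sets and '-m set' rules need all three"
fi

# Remove the sample file only if this script created it.
[ -n "${1:-}" ] || rm -f "$cfg"
```

Options reported as `m` correspond to the modules `ip_set`, `ip_set_hash_ip` and `xt_set`, which have to be available for the running kernel.
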
nuna, thanks for this. This is a great tip, and as it looks, this is not configured. Time to talk with the kernel maintainers.
 
