Tags: firewall, iptables

Using fireHOL IP lists, ipset and iptables together


I would like to use FireHOL IP lists: http://iplists.firehol.org , ipset and iptables together on my CentOS webserver.

I have installed the FireHOL lists and updated the IP lists it generates.

The IP lists it creates are saved in: /etc/firehol/ipsets (https://github.com/firehol/blocklist-ipsets/wiki/Downloading-IP-Lists#where-are-the-ipsets)

I have installed ipset.

I already have iptables installed and working (controlled via CSF/LFD).

How do I tie together the IP lists, ipset and iptables so that the lists are blocked via iptables (https://github.com/firehol/blocklist-ipsets/wiki/Downloading-IP-Lists#updating-the-ipsets-in-kernel)?

Thanks for any help.


Solution

  • I don't know how to do it with CSF/LFD, but if you use FireHOL, you would need something like the following for each ipset.

    Let's assume you are interested in the ipset dshield. In your firehol.conf, at its top you should add this:

    # step 1: create an in-kernel IPv4 set of type hash:net (holds networks and single IPs)
    ipset4 create dshield hash:net
    # step 2: load it from the file update-ipsets writes (path relative to /etc/firehol)
    ipset4 addfile dshield ipsets/dshield.netset
    # step 3: drop and log inbound traffic on ${wan} whose source is in the set
    blacklist4 input inface ${wan} log "BLACKLIST dshield" ipset:dshield
    

    Of course, the above is a fragment. You will need to configure firehol.conf properly.

    Then, update-ipsets will update dshield in the kernel automatically whenever the list is updated.

    So the general idea:

    1. create the ipset with the name of the IP list you are interested in
    2. initialize it with the contents of the file generated by update-ipsets
    3. create a blacklist that uses the ipset you created
    4. update-ipsets will automatically update the ipset in kernel

    firehol takes care of 1, 2 and 3, and update-ipsets of the 4th. Check this: https://github.com/firehol/firehol/wiki/Working-with-IPSETs

    Alternatively: You can do 1 and 2 by running ipset commands on your console. You can do 3 using your firewall (it has to support ipsets) or by running iptables commands on your console.

    If you don't know what to do, the simplest way is to use firehol. Check its docs (http://firehol.org/guides/firehol-welcome/).
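The "alternatively" path in the answer above, written out as an added example; this is not code from the answer or from the FireHOL project. It drives ipset and iptables directly: steps 1 and 2 (create the set and load it from the .netset file) and step 4 (reload after update-ipsets has run) are in refresh_set, step 3 (the iptables rule) is in ensure_rule. The set name dshield, the netset path under /etc/firehol/ipsets, the interface eth0 and the DROP policy are assumptions. The reload goes through a temporary set and `ipset swap`, so the live set is never empty or half-loaded while a new list is being read in, and lines that are not an IPv4 address or CIDR are dropped before `ipset restore` sees them, because one bad line would abort the whole restore.

```shell
#!/bin/sh
# Added example, not code from the original answer or from the FireHOL
# project: the "alternatively" path, driving ipset and iptables directly.
#   step 1  create the set          -> refresh_set
#   step 2  load the .netset file   -> netset_to_restore + refresh_set
#   step 3  add the iptables rule   -> ensure_rule
#   step 4  re-run refresh_set (e.g. from cron) after update-ipsets has run
# Assumptions (not from the page): the set is named after the list,
# the external interface is eth0, and the script runs as root.

SET_NAME="${SET_NAME:-dshield}"
NETSET="${NETSET:-/etc/firehol/ipsets/$SET_NAME.netset}"
WAN_IF="${WAN_IF:-eth0}"

# Convert a .netset file into `ipset restore` input for set $2.
# The file holds one IPv4 address or CIDR per line; '#' starts a comment.
# Anything that is not shaped like an IPv4/CIDR is dropped, because one
# bad line makes `ipset restore` abort and leaves the set half-loaded.
netset_to_restore() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' |
        awk -v set="$2" '{ print "add " set " " $1 }'
}

# Number of entries that would be loaded from file $1.
netset_count() {
    netset_to_restore "$1" x | wc -l | tr -d ' '
}

# Steps 1, 2 and 4: build the new contents in a temporary set and swap it
# in, so the live set is never empty while the list is being reloaded.
refresh_set() {
    tmp="${SET_NAME}-tmp"
    # add "maxelem N" to both creates for lists above the default 65536 entries
    ipset create "$SET_NAME" hash:net -exist
    ipset create "$tmp" hash:net -exist
    ipset flush "$tmp"
    netset_to_restore "$NETSET" "$tmp" | ipset restore
    ipset swap "$tmp" "$SET_NAME"
    ipset destroy "$tmp"
}

# Step 3: one DROP rule on the WAN interface matching the set as source.
# -C checks first so repeated runs do not stack duplicate rules.
ensure_rule() {
    iptables -C INPUT -i "$WAN_IF" -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT 1 -i "$WAN_IF" -m set --match-set "$SET_NAME" src -j DROP
}

# Offline demo on a constructed sample file: prints the restore input
# that would be fed to the kernel, without touching ipset or iptables.
demo() {
    f=$(mktemp)
    printf '# constructed sample, not a real dshield list\n1.2.3.0/24\n\n 5.6.7.8 \nnot-an-ip\n' > "$f"
    netset_to_restore "$f" "$SET_NAME"
    echo "entries: $(netset_count "$f")"
    rm -f "$f"
}

case "${1:-}" in
    apply) refresh_set && ensure_rule ;;
    demo)  demo ;;
esac
```

`sh blocklist.sh demo` runs offline and shows what would be loaded; `sh blocklist.sh apply` (as root) creates the set, loads it and inserts the rule, and can be re-run from cron after update-ipsets. On a CSF/LFD box the rule has to be re-added whenever CSF rebuilds its chains, so the `apply` call belongs in a CSF hook that runs on every restart (csfpre.sh, for example) rather than being typed once on the console.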