Maybe I don't understand your question, but Shorewall can be configured to populate an ipset:

    ?COMMENT rdp
    ADD(+shorewall-ip:src) inet fw tcp 3389 # rdp

Externally, you can populate a set with the ipset command. fail2ban can do this. I have my DHCP set to add entries to an ipset:

    Name: DHCP4-lease
    Type: hash:ip
    Revision: 4
    Header: family inet hashsize 1024 maxelem 65536 timeout 14400
    Size in memory: 18104
    References: 0
    Members:
    192.168.6.76 timeout 534559
    192.168.4.76 timeout 572419
    192.168.6.94 timeout 567003
    192.168.4.72 timeout 567155

You can create a script to add entries.

Hope this helps,
Bill

On 4/19/2017 9:56 AM, Guilsson . wrote:
> Dear sirs,
>
> I need to block a huge list of IP addresses (about 7,000).
>
> I didn't see any comprehensive example about creating and maintaining
> IPSETs inside Shorewall (except add/remove entries:
> http://shorewall.org/ipsets.html). Is it true that all IPSET creation and
> feeding those 7000 addresses is done outside of Shorewall?
>
> Thanks
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
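
A script of the kind suggested above for loading a large block list into an ipset outside Shorewall, as an added example that is not part of the original thread. The set name `blocklist`, the `hash:net` type, the input file and the function names are assumptions; it emits an `ipset restore` batch that fills a temporary set and swaps it in, so the live set is never half-loaded.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Assumed names: set "blocklist",
# functions gen_restore / sample_blocklist, and the input file path.

# gen_restore SETNAME FILE
# Prints an `ipset restore` batch: create live and temporary sets, load the
# validated entries into the temporary one, swap, then drop the old contents.
gen_restore() {
    local name="$1" file="$2" tmp="${1}-new"
    echo "create $name hash:net family inet maxelem 65536"
    echo "create $tmp hash:net family inet maxelem 65536"
    echo "flush $tmp"
    # Strip comments and whitespace; keep only well-formed IPv4 addresses or
    # CIDR networks; drop duplicates so no add line collides with another.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$file" | awk -F'[./]' '
        NF < 4 || NF > 5 { next }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) next }
        NF == 5 && ($5 !~ /^[0-9]+$/ || $5 > 32) { next }
        !seen[$0]++ { print }
    ' | while read -r entry; do
        echo "add $tmp $entry"
    done
    echo "swap $tmp $name"
    echo "destroy $tmp"
}

# Constructed sample input (RFC 5737 documentation addresses), including a
# duplicate, an out-of-range octet, a bad prefix length and a junk line.
sample_blocklist() {
    printf '%s\n' '# constructed sample' '192.0.2.10' \
        '198.51.100.0/24  # whole net' '192.0.2.10' \
        '300.1.1.1' '203.0.113.7/40' 'not-an-ip' ''
}

# Usage (needs root and the ipset tool; -exist lets the create lines pass
# when the sets already exist with the same type and options):
#   gen_restore blocklist /path/to/blocklist.txt | ipset -exist restore
```

Rejected lines are silently skipped here; a production version would log them so a malformed feed is noticed rather than quietly shrinking the set.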
