Installing update ipsets
Costa Tsaousis edited this page Nov 8, 2015 · 33 revisions
`update-ipsets` is part of FireHOL, but it does not depend on it: you can use `update-ipsets` without FireHOL. You still have to install it on your computer, though.

The FireHOL repo includes `update-ipsets`.

This is a quick guide to install it:
```sh
# cd somewhere
cd /tmp

# download FireHOL source from github
git clone https://github.com/firehol/firehol.git firehol.git

# cd to it:
cd firehol.git

# configure it (autogen.sh and configure do not need root;
# only the install step below uses sudo):
./autogen.sh

# make sure autogen.sh completes successfully
# then run:
./configure --prefix=/usr --disable-man --disable-doc

# make sure configure completes successfully
# (of course you can omit --disable-man and --disable-doc,
# though man and doc generation have a few more package dependencies)

# install it
sudo make CFLAGS="-O3" install

# make sure it completes successfully.
```
The above installs the development version of FireHOL on your computer, which includes the latest `update-ipsets`.

To run it, use something like this:

```sh
sudo update-ipsets enable dshield
```

Check Downloading IP Lists to learn how to use it.

If you don't want to install FireHOL, use this procedure instead:
```sh
# cd to your home
cd

# download firehol
git clone https://github.com/firehol/firehol.git firehol.git

# cd to it
cd firehol.git

# you cannot configure and build it - it will most probably fail
# use this to compile iprange directly with the C compiler:
cd sbin
gcc -o iprange -O3 -pthread iprange.c

# you will have to install iprange
sudo cp iprange /usr/bin/

# In the same directory there is a file called update-ipsets.in
# You need to change its configuration though:
mkdir -p "$HOME/ipsets"
cat >update-ipsets.conf <<EOF
BASE_DIR="$HOME/ipsets/"
RUN_PARENT_DIR="$HOME"
WEB_DIR=
LIB_DIR=
EOF

# Now you can run it like this:
./update-ipsets.in -f update-ipsets.conf enable dshield

# To download the enabled IP lists:
./update-ipsets.in -f update-ipsets.conf
```
Using the above procedure, the downloaded ipsets will be saved in `$HOME/ipsets`.

When `update-ipsets` is not run as root, it will not even attempt to change the ipsets in the kernel.
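A pre-flight check for the non-root setup above, added here as an example (it is not part of the FireHOL wiki or code base): before any lists are downloaded, it verifies that the directories named in `update-ipsets.conf` are absolute paths, owned by you, and not writable by group or others. The function names are hypothetical, and it assumes the config file contains only plain `KEY="value"` lines as written by the heredoc.

```sh
#!/bin/sh
# Added example: pre-flight check for the update-ipsets.conf written above.
# Assumption: the file holds only KEY="value" or KEY= lines, as in that heredoc.
# All function names here are hypothetical, not part of FireHOL.

# conf_get FILE KEY: print KEY's value (last assignment wins), quotes removed.
# The file is read as text and never sourced, so nothing in it is executed.
conf_get() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# dir_is_private DIR: succeed only if DIR is an absolute path to a real
# directory (not a symlink), owned by the current user, and not writable by
# group or others.
dir_is_private() {
    case "$1" in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 1 ;;
    esac
    d=${1%/}                      # BASE_DIR above ends in "/", drop it
    [ -n "$d" ] || d=/
    [ -d "$d" ] && [ ! -L "$d" ] || { echo "not a plain directory: $d" >&2; return 1; }
    # find prints the path only when owner and mode both pass
    [ -n "$(find "$d" -prune -user "$(id -u)" ! -perm -0020 ! -perm -0002 -print)" ] ||
        { echo "wrong owner or group/world-writable: $d" >&2; return 1; }
}

# check_ipsets_conf FILE: validate the two directories the config points at.
check_ipsets_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    for key in BASE_DIR RUN_PARENT_DIR; do
        val=$(conf_get "$1" "$key")
        [ -n "$val" ] || { echo "$key is not set in $1" >&2; return 1; }
        dir_is_private "$val" || { echo "$key failed the check" >&2; return 1; }
    done
}

# Stand-alone use: sh check-conf.sh update-ipsets.conf
if [ "$#" -gt 0 ]; then
    check_ipsets_conf "$1" && echo "OK: $1"
fi
```

A failing check prints the reason on stderr and returns non-zero, so it can gate the `./update-ipsets.in -f update-ipsets.conf` call in a cron job or wrapper script.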