Re: [Shorewall-users] Proper ipsets setup for ShoreWall?

Sun, 09 Nov 2008 16:58:12 -0800 

JC Janos wrote:

Hello,

In learning about handling large lists of IPs in ShoreWall, I
discovered its ipsets support.

As according to the ShoreWall docs,

"Using ipsets requires that you patch your kernel and iptables and
that you build and install the ipset utility from
http://ipset.netfilter.org/.";

After a bit of Googling, I think I've correctly installed the utility


ipset --version

ipset v2.4.3 Protocol version 2.

and the kernel module,


lsmod | grep -i ip_set

ip_set_iphash          13456  0
ip_set                 26156  2 ip_set_iphash


modinfo ip_set

filename:       /lib/modules/2.6.25.18-0.2-default/updates/ip_set.ko
description:    module implementing core IP set support
author:         Jozsef Kadlecsik <[EMAIL PROTECTED]>
license:        GPL
srcversion:     258C1BA85EA4FF1F35720B0
depends:
vermagic:       2.6.25.18-0.2-default SMP mod_unload 586
parm:           max_sets:maximal number of sets (int)
parm:           hash_size:hash size for bindings (int)

Is this all sufficiently "installed" for ShoreWall?

I'm not sure how to test if iptables is properly patched.

This makes me wonder if it is,


shorewall show capabilities | grep -i ipset

Ipset Match: Not available
Then something isn't right. You can read the code in /usr/share/shorewall/lib.base, function determine_capabilities() to see the commands that Shorewall executes to determine if ipset support is available. 

-Tom
--
Tom Eastep    \ The ultimate result of shielding men from the effects of
Shoreline,     \ folly is to fill the world with fools.
Washington, USA \                                     -- Herbert Spencer
------------------------------------------------------------------------
http://www.shorewall.net

Attachment: signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to