Custom ipset support

Post Reply
ocahui
Junior Member
Posts: 12
Joined: 02 May 2016, 23:32

Custom ipset support

Post by ocahui »

I have private custom ipset-managed blocklists on my system that get wiped out whenever csf is restarted,because, of course, csf is unaware of them. This poses a management problem.

Is there some way to inform csf of the existence of these ipsets? I am only aware of the support in /etc/csf/csf.blocklists, which is geared entirely to public lists dowloaded from external URLs.

The kind of support I have in mind is a much simpler blocklist scheme, basically consisting of maintaining a list of ipset names that are saved (using ipset save command) before the firewall is restarted and restored (using ipset restore command) after csf is restarted. Perhaps in a different section of csf.blocklists file that would expect a different syntax for the name? (The mechanism I use has different naming convention that conflicts with the csf names.)
Post Reply