LinuxQuestions.org
Old 10-06-2020, 03:46 PM   #1
PROBLEMCHYLD
ipset persistent How to guide.... Replace fail2ban if you want.....


Create a log file named intruders. The file will log any IP address that tries to connect to the system. Everyone uses different methods to log, so I'm skipping this part.

Make sure IP addresses are on single lines, like so:

1.2.3.4
5.6.7.8
9.10.11.12

etc....

Create an ipset rule

ipset create intruders hash:ip family inet hashsize 2048 maxelem 131072

Download lsb-base_4.1+Debian13+nmu1_all.deb

http://ftp.debian.org/debian/pool/main/l/lsb/

Extract the package and then extract data.tar.xz

Copy the folder lsb to the /lib/ directory on Slackware /lib/lsb/init-functions.d/

Download ipset-persistent

https://sourceforge.net/projects/ips...sistent/files/

Extract the .tgz file

Copy the ipset-persistent to /etc/init.d/ and make it executable

Then add the lines below, like so:

IPT=/usr/sbin/iptables
$IPT -I INPUT 14 -m set --match-set intruders src,dst -j DROP
$IPT -A FORWARD -m set --match-set intruders src,dst -j DROP

#!/bin/sh

### BEGIN INIT INFO
# Provides: ipset-persistent
# Required-Start: mountkernfs $local_fs
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# X-Start-Before: $network iptables-persistent
# X-Stop-After: $network
# Short-Description: Set up ipset rules
# Description: Loads/saves current ipset rules from/to /etc/iptables
# to provide a persistent rule set during boot time
### END INIT INFO

. /lib/lsb/init-functions

rc=0

IPSET=/usr/sbin/ipset
IPT=/usr/sbin/iptables

load_rules()
{
    if [ ! -x "$IPSET" ]; then
        log_action_cont_msg " skipping ipset-persistent ($IPSET not exist)"
    else
        log_action_begin_msg "Loading ipset rules"
        if [ ! -f /etc/iptables/ipset.save ]; then
            log_action_cont_msg " skipping ipset-persistent (no rules to load )"
        else
            log_action_cont_msg "ipset"
            $IPSET destroy
            # Record a failure if the saved sets cannot be restored
            $IPSET restore < /etc/iptables/ipset.save 2> /dev/null || rc=1
            # Added lines: drop traffic matching the intruders set.
            # Change the INPUT position (14) to suit you.
            $IPT -I INPUT 14 -m set --match-set intruders src,dst -j DROP || rc=1
            $IPT -A FORWARD -m set --match-set intruders src,dst -j DROP || rc=1
        fi
    fi

    log_action_end_msg $rc
}


Add to rc.local

if [ -x /etc/init.d/ipset-persistent ]; then
    /etc/init.d/ipset-persistent start
fi

Add to rc.local_shutdown

if [ -x /etc/init.d/ipset-persistent ]; then
    /etc/init.d/ipset-persistent save
fi

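Create a script named ipset-intruders

Add the following to the script

#!/bin/sh
# Add every address from the log to the intruders set
while IFS= read -r ip; do
    [ -n "$ip" ] || continue    # skip blank lines
    /usr/sbin/ipset add intruders -exist "$ip"
    # Keep my own address out of the set (-exist: no error if it is absent)
    /usr/sbin/ipset del intruders -exist 192.168.43.10
    sleep 3
done < /home/problemchyld/.intruders/intruders.log
exit 0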

Place the script in /etc/init.d/ and make it executable.
Add the script to a cron job for however many seconds or minutes. I use 3 seconds because I get blocked when I VPN tunnel in.

Of course you will have to change everything to your system.

The intruders list is in real-time so the intruder will be blocked instantly.

I did create a package with src2pkg because IDK how to make SlackBuilds. So I just installed the package and everything is set for me.

Sorry I'm not the greatest at writing tutorials.

Last edited by PROBLEMCHYLD; 10-06-2020 at 03:48 PM.
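
Added example, not part of the original post: the ipset-intruders loop hands every log line to ipset add, and hash:ip also accepts ranges and CIDR blocks, so a malformed or injected line can block far more than one host. The script below keeps only strict dotted-quad IPv4 lines, skips an allowlist instead of deleting the address afterwards, and prints a batch for ipset restore; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the poster's script): filter the log before it reaches ipset.
SET_NAME=intruders            # set name used in the post
CR=$(printf '\r')

# valid_ipv4 ADDR: succeed only for a plain dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # CIDR, ranges, shell text, stray dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split into octets; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac          # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# intruder_batch LOGFILE [ALLOWED_IP...]: print "add" lines in ipset restore
# format for each valid, not-yet-seen address that is not on the allowlist.
intruder_batch() {
    log=$1; shift
    allow=" $* "; seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        ip=${line%"$CR"}      # tolerate CRLF logs
        valid_ipv4 "$ip" || continue
        case "$allow$seen" in *" $ip "*) continue ;; esac
        seen="$seen$ip "
        printf 'add %s %s\n' "$SET_NAME" "$ip"
    done < "$log"
}

# demo: constructed sample log (documentation addresses plus lines to reject).
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 203.0.113.7 192.168.43.10 0.0.0.0/0 203.0.113.7 \
        '198.51.100.9; reboot' 999.1.1.1 198.51.100.23 > "$tmp"
    intruder_batch "$tmp" 192.168.43.10
    rm -f "$tmp"
}

demo   # on a real system: intruder_batch "$LOG" 192.168.43.10 | /usr/sbin/ipset -exist restore
```

Loading the whole batch through one ipset restore call also avoids starting one ipset process per address.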
 
  

