On 26/02/2019 23:25, Genes Lists via arch-general wrote:
> On 2/26/19 4:01 PM, brent s. wrote:
>> You can (Gene, you may find this particularly useful since you feed to ipset) use the pyroute2.IPSet() function to actually manage the live
>
> Great, thank you - I wasn't aware of this capability. I really like Python! ipset made a huge difference - major benefit, I agree.
>
> The other thing I do in my firewall script is I write the rules in iptables-save format. Many guides continue to use the iptables executable in their examples rather than directly writing into a file in iptables-save format. I haven't read any guides for a long time, so perhaps there are better ones now which speak to this.
>
> Rather than invoking iptables repeatedly on each rule, I write an iptables-save formatted file and then use iptables-restore to install the entire firewall in one shot.
>
> thank you brent ...

I feel like it's easier to just let the command do the formatting. On top of that, doing the same for ipset requires like, a lot of extra lines and formatting for something very simple. Simply iterating through the IPs with the ipset executable makes creating the lists that much easier.
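
The one-shot load discussed in this thread, applied to both ipset and iptables, as an added example that is not part of the original messages: each rule set is generated as text and loaded with a single `ipset restore` or `iptables-restore` call, so a table is committed as a whole instead of rule by rule. The set name `blocklist`, the addresses (documentation ranges) and the rules themselves are constructed for illustration.

```shell
#!/bin/sh
# Added example: generate restore-format text, then load it in one call each.
# BLOCKLIST_IPS, the set name "blocklist" and all rules are constructed samples.

BLOCKLIST_IPS="192.0.2.10 198.51.100.7 203.0.113.0/24"

# "ipset restore" input: one create line, then one add line per entry.
# The loop is the only formatting needed; hash:net takes hosts and CIDRs.
gen_ipset() {
    printf 'create blocklist hash:net family inet\n'
    for ip in $BLOCKLIST_IPS; do
        printf 'add blocklist %s\n' "$ip"
    done
}

# iptables-save format: table header, chain policies, rules, COMMIT.
gen_iptables() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m set --match-set blocklist src -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Load order matters: the set must exist before a rule references it.
# --test parses the ruleset without committing, so a typo never reaches
# the live table. Requires root.
apply_firewall() {
    gen_ipset | ipset -exist restore || return 1
    gen_iptables | iptables-restore --test || return 1
    gen_iptables | iptables-restore
}

# Default: print what would be loaded. Pass "apply" to install it.
if [ "${1:-}" = "apply" ]; then
    apply_firewall
else
    gen_ipset
    gen_iptables
fi
```
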