IPset (Import)

SamTzu

Active Member
I would like to import list of IP's to Proxmox IPset rule.
Any idea how that might be done?
I have collected Fail2Ban Recidive list for a while now and would like to import that to a ClusterWide rule set for every LXC container.
 

SamTzu

Active Member
In /etc/pve/firewall/cluster.fw I can see something like this:

[OPTIONS]

enable 1

[ALIASES]

[IPSET Google DNS1] # 8.8.8.8/32

8.8.8.8/32

[IPSET Google DNS2] # 8.8.4.4/32

8.8.4.4/32

[IPSET no2all-list] # Block all - 1 list 2 rule them all

112.85.42.120
112.85.42.121
112.85.42.122
 
Last edited:

SamTzu

Active Member
Wouldn't it be nice if cluster.fw could be "split" or include links to file(s) that only contained IP address's (or IP/CIDR)?
That would make scripting IP list updates really easy.

$IncludeConfig /etc/pve/firewall/listname.conf

Then we could just "import" fail2ban IP's there with something like:

iptables -L -n | awk '$1=="REJECT" && $4!="0.0.0.0/0" {print $4}' > /etc/pve/firewall/listname.conf

...and voila - Network wide ban lists automatically distributed where ever we want.
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!