[SOLVED] ipset in bulk

[rolcom]

Hi,

I wanted to use the ipset feature within proxmox firewall, to block/allow certain countries, the thing is the database is huge and I dont think adding manually and updating the list weekly is not the way to go...

I've been looking in the directories, mainly at /etc/pve if I could find the config file or where are the ipset stored, so I can copy there all the IPs...

Anyone knows the best way to add a lot of IPs as ipset in proxmox?


Thanks.

 

[t.lamprecht]

Hi,

I've been looking in the directories, mainly at /etc/pve if I could find the config file or where are the ipset stored, so I can copy there all the IPs...

The most relevant directory is: /etc/pve/firewall
For cluster wide IP sets: /etc/pve/firewall/cluster.fw
Node definitions are stored in: /etc/pve/nodes/NODENAME/host.fw though

 

[rolcom]

THANKS! I've no idea how I didnt see those files... right what I was looking for, all ipsets are populated now, THAAANKS.

 

[pali]

Hi, I’m thinking about the same thing to use one ipset for several CT. Did you made a script to update the list ? Can you share the way you implemented ist ?

Tanks by advance

 

[esrvr]

For those coming across this old thread from Google, pve-firewall status will recompile cluster.fw and add the new IPset without needing to restart the entire firewall.