...
Setting ipset to be persistent (so the lists are not lost on reboot)
If your distro uses systemd (Ubuntu, Arch, RHEL 7+, etc.), create a service that restores the ipset sets at boot and saves them when the service is stopped, e.g. at shutdown. The sets have to be restored before the firewall rules that reference them are loaded: iptables refuses a rule whose `--match-set` names a set that does not exist yet, so the whole rules restore would fail.
...
Let's start by creating our service file, based on this excellent post by selivan:
```ini
[Unit]
Description=ipset persistency service
DefaultDependencies=no
Requires=netfilter-persistent.service
Requires=ufw.service
# the sets must exist before the firewall rules that reference them are loaded
Before=network.target
Before=netfilter-persistent.service
Before=ufw.service
# the unit is skipped (never started) while this file is missing or empty
ConditionFileNotEmpty=/etc/ipsets.conf

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/touch /etc/ipsets.conf
# -! (same as -exist) ignores "set already exists" errors; it is given before
# -f because -f takes the file name as its argument
ExecStart=/sbin/ipset restore -! -f /etc/ipsets.conf
# save on service stop, system shutdown etc. (only the set named here is saved)
ExecStop=/sbin/ipset save blacklist -f /etc/ipsets.conf

[Install]
WantedBy=multi-user.target
RequiredBy=netfilter-persistent.service
RequiredBy=ufw.service
```
...
Note 1: you first need to remove any lists that are in use from iptables. See the section Enabling the list in iptables above for how to do this.
Note 2: the ExecStop line only saves the set named blacklist; adjust the name, or drop it so that `ipset save` writes every set, if you use other sets. Because of ConditionFileNotEmpty the unit is skipped while /etc/ipsets.conf is missing or empty, so the touch line never gets to run and the ExecStop save never happens: seed the file once by hand (`ipset save -f /etc/ipsets.conf`) before the first reboot. The netfilter-persistent and ufw units are Debian/Ubuntu specific; on other distributions replace them with your firewall's unit, or remove the Requires= and RequiredBy= lines, otherwise the service cannot start.
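The unit above leaves the installation, the first save and a sanity check to the reader. The script below is an added example written for this page (it is not the page's own code nor selivan's): it writes a slightly hardened variant of the unit (ordering-only dependencies, no ConditionFileNotEmpty, every set saved through a temp file), installs it as root, and checks a saved dump against an iptables rules file for sets that are referenced by rules but missing from the dump, which is exactly what makes the rules fail to load at boot. The unit name ipset-persistent.service, the UNIT_PATH and CONF_PATH variables, and the sample dump and rules file are assumptions and constructed data, not taken from the page.

```sh
#!/bin/sh
# Added example, not code from the page or from selivan's gist: helpers around
# the ipset persistence service. Only install_unit() needs root, and it is not
# called automatically. Assumed names (not from the page): the unit file name
# ipset-persistent.service and the UNIT_PATH / CONF_PATH variables.
set -eu

UNIT_PATH="${UNIT_PATH:-/etc/systemd/system/ipset-persistent.service}"
CONF_PATH="${CONF_PATH:-/etc/ipsets.conf}"

# Write a unit that differs from the page's one in three ways:
#  * Before= only (no Requires=): ordering is kept where netfilter-persistent
#    or ufw exist, and the unit still starts where they do not
#  * no ConditionFileNotEmpty: an empty file is seeded on first start, so the
#    unit becomes active and its ExecStop (the save) runs at shutdown
#  * ExecStop saves every set, via a temp file, instead of one hard-coded set
write_unit() {
  cat > "$1" <<EOF
[Unit]
Description=ipset persistence service
DefaultDependencies=no
# sets must exist before the rules that reference them are loaded
Wants=network-pre.target
Before=network-pre.target netfilter-persistent.service ufw.service
# recommended with DefaultDependencies=no: order the stop (the save) before shutdown
Conflicts=shutdown.target
Before=shutdown.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c 'touch $CONF_PATH; [ -s $CONF_PATH ] || exit 0; exec /sbin/ipset restore -exist < $CONF_PATH'
ExecStop=/bin/sh -c '/sbin/ipset save > $CONF_PATH.tmp && mv $CONF_PATH.tmp $CONF_PATH'

[Install]
WantedBy=multi-user.target
EOF
}

# Root only: install and enable the unit, then save the sets loaded right now
# so that the first reboot has something to restore.
install_unit() {
  write_unit "$UNIT_PATH"
  systemctl daemon-reload
  systemctl enable ipset-persistent.service
  /sbin/ipset save > "$CONF_PATH"
  systemctl start ipset-persistent.service
}

# Print every set name referenced by an iptables rules file (-m set --match-set
# NAME) that has no "create NAME" line in the ipset dump: those rules cannot
# be loaded at boot because the set does not exist when iptables-restore runs.
missing_sets() {
  dump=$1; rules=$2
  grep -o -- '--match-set [^ ]*' "$rules" | awk '{ print $2 }' | sort -u |
  while read -r name; do
    grep -q "^create $name " "$dump" || echo "$name"
  done
}

# Number of entries saved for one set (0 when the set is absent from the dump).
set_entry_count() {
  grep -c "^add $2 " "$1" || true
}

# Constructed sample data (not real output) standing in for /etc/ipsets.conf
# and an iptables-save dump, written to a temp dir so this runs unprivileged.
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
cat > "$TMP/ipsets.conf" <<'EOF'
create blacklist hash:net family inet hashsize 1024 maxelem 65536
add blacklist 192.0.2.0/24
add blacklist 198.51.100.7
EOF
cat > "$TMP/rules.v4" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m set --match-set blacklist src -j DROP
-A INPUT -m set --match-set whitelist src -j ACCEPT
COMMIT
EOF

write_unit "$TMP/ipset-persistent.service"
for s in $(missing_sets "$TMP/ipsets.conf" "$TMP/rules.v4"); do
  echo "WARNING: set '$s' is used by iptables but is not in the saved dump"
done
```

Run as-is it only checks the constructed sample and reports that `whitelist` is referenced but never saved. On a real host, point `missing_sets` at /etc/ipsets.conf and the output of `iptables-save` before rebooting, and call `install_unit` as root to deploy the unit.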
...