...

Setting ipset to be persistent (not lose lists on reboot)

If your distro uses systemd (Ubuntu, Arch, RHEL 7+, etc.), you can create a service that loads the ipset tables at boot and saves the table(s) when the service is stopped (e.g. at shutdown).

...

Let's start by creating our service file based off this excellent post by selivan:

File: /etc/systemd/system/ipset-persistent.service

[Unit]
Description=ipset persistency service
DefaultDependencies=no
Requires=netfilter-persistent.service
Requires=ufw.service
Before=network.target
Before=netfilter-persistent.service
Before=ufw.service
ConditionFileNotEmpty=/etc/ipsets.conf

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/touch /etc/ipsets.conf
ExecStart=/sbin/ipset restore -f -! /etc/ipsets.conf

# save on service stop, system shutdown etc.
ExecStop=/sbin/ipset save blacklist -f /etc/ipsets.conf

[Install]
WantedBy=multi-user.target

RequiredBy=netfilter-persistent.service
RequiredBy=ufw.service
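
The unit above only runs when /etc/ipsets.conf is non-empty, and iptables rules that reference the blacklist set need that set to be created by the restore. The following is an added example, not part of the original page or of selivan's post: a text-only preflight check for a file written by ipset save. The names check_ipsets_conf and sample_conf are hypothetical, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: preflight check for an ipset save file before it is restored.
# Assumes the file was written by `ipset save`, so it holds only "create" and
# "add" lines. It only reads text and never calls ipset itself.

# check_ipsets_conf FILE SETNAME   (hypothetical helper name)
# Returns 0 when FILE is non-empty, creates SETNAME, and every "add" line
# targets a set that an earlier "create" line in the same file defined.
check_ipsets_conf() {
    file=$1
    want=$2
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    awk -v want="$want" '
        BEGIN { bad = 0 }
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        $1 == "create" { created[$2] = 1; next }
        $1 == "add" {
            if (!($2 in created)) {
                printf "line %d: add to undefined set %s\n", NR, $2 > "/dev/stderr"
                bad = 1
            }
            next
        }
        { printf "line %d: unexpected command %s\n", NR, $1 > "/dev/stderr"; bad = 1 }
        END {
            if (!(want in created)) {
                printf "set %s is never created\n", want > "/dev/stderr"
                bad = 1
            }
            exit bad
        }
    ' "$file"
}

# Constructed sample in `ipset save` format (documentation-range addresses).
sample_conf() {
    printf '%s\n' \
        'create blacklist hash:ip family inet hashsize 1024 maxelem 65536' \
        'add blacklist 192.0.2.10' \
        'add blacklist 198.51.100.7'
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp" && check_ipsets_conf "$tmp" blacklist \
    && echo "sample passes"
rm -f "$tmp"
```

Run the check against /etc/ipsets.conf with the set name your iptables rules reference (blacklist on this page) after a save and before a reboot.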

...

Note 1: you first need to remove any lists that are in use from iptables. See the section Enabling the list in iptables above for details on how to do this.

...