.\" Automatically generated by Pandoc 1.17.2 .nh .\" .TH "firehol\-ipset" "5" "Built 21 Jan 2017" "FireHOL Reference" "3.1.1" .hy .SH NAME .PP firehol\-ipset \- configure ipsets .SH SYNOPSIS .PP ipset \f[I]command\f[] \f[I]name\f[] \f[I]options\f[] .SH DESCRIPTION .PP FireHOL has an \f[C]ipset\f[] helper. It is a wrapper around the real \f[C]ipset\f[] command and is handled internally within FireHOL in such a way so that the ipset collections defined in the configuration will be activated before activating the firewall. .PP FireHOL is also smart enough to restore the ipsets after a reboot, before it restores the firewall, so that everything will work as seamlessly as possible. .PP The \f[C]ipset\f[] helper has the same syntax with the real \f[C]ipset\f[] command. So in FireHOL you just add the \f[C]ipset\f[] statements you need, and FireHOL will do the rest. .PP Keep in mind that each \f[C]ipset\f[] collection is either IPv4 or IPv6. In FireHOL prefix \f[C]ipset\f[] with either \f[C]ipv4\f[] or \f[C]ipv6\f[] and FireHOL will choose the right IP version (there is also \f[C]ipset4\f[] and \f[C]ipset6\f[]). .PP Also, do not add \f[C]\-!\f[] to ipset statements given in \f[C]firehol.conf\f[]. FireHOL will batch import all ipsets and this option is not needed. .SH FireHOL ipset extensions .PP The features below are extensions of \f[C]ipset\f[] that can only be used from within \f[C]firehol.conf\f[]. They will not work on a terminal. .PP The FireHOL helper allows mass import of ipset collections from files. This is done with \f[C]ipset\ addfile\f[] command. .PP The \f[C]ipset\ addfile\f[] command will get a filename, remove all comments (anything after a \f[C]#\f[] on the same line), trim any empty lines and spaces, and add all the remaining lines to \f[C]ipset\f[], as if each line of the file was run with \f[C]ipset\ add\ COLLECTION_NAME\ IP_FROM_FILE\ [other\ options]\f[]. .PP The syntax of the \f[C]ipset\ addfile\f[] command is: .IP .nf \f[C] \ ipset\ addfile\ *name*\ [ip|net]\ *filename*\ [*other\ ipset\ add\ options*] \f[] .fi .PP \f[C]name\f[] is the collection to add the IPs. .PP \f[C]ip\f[] is optional and will select all the lines of the file that do not contain a \f[C]/\f[]. .PP \f[C]net\f[] is optional and will select all the lines of the file that contain a \f[C]/\f[]. .PP \f[C]filename\f[] is the filename to read. You can give absolute filenames and relative filenames (to \f[C]/etc/firehol\f[]). .PP \f[C]other\ ipset\ add\ options\f[] is whatever else \f[C]ipset\ add\f[] supports, that you are willing to give for each line. .PP The \f[C]ipset\ add\f[] command implemented in FireHOL also allows you to give multiple IPs separated by comma or enclosed in quotes and separated by space. .SH EXAMPLES .IP .nf \f[C] \ ipv4\ ipset\ create\ badguys\ hash:ip \ ipv4\ ipset\ add\ badguys\ 1.2.3.4 \ ipv4\ ipset\ addfile\ badguys\ file\-with\-the\-bad\-guys\-ips.txt \ ... \ ipv4\ blacklist\ full\ ipset:badguys \ #\ example\ with\ multiple\ IPs \ ipv4\ ipset\ create\ badguys\ hash:ip \ ipv4\ ipset\ add\ badguys\ 1.2.3.4,5.6.7.8,9.10.11.12\ #\ <<\ comma\ separated \ ipv4\ ipset\ add\ badguys\ "11.22.33.44\ 55.66.77.88"\ \ #\ <<\ space\ separated\ in\ quotes \f[] .fi .PP ipsets with IP Lists for abuse, malware, attacks, proxies, anonymizers, etc can be downloaded with the contrib/update\-ipsets.sh script. Information about the supported ipsets can be found at FireHOL IP Lists (http://iplists.firehol.org/) .SH SEE ALSO .IP \[bu] 2 firehol(1) \- FireHOL program .IP \[bu] 2 firehol.conf(5) \- FireHOL configuration .IP \[bu] 2 firehol\-interface(5) \- interface definition .IP \[bu] 2 firehol\-router(5) \- router definition .IP \[bu] 2 firehol\-params(5) \- optional rule parameters .IP \[bu] 2 firehol\-masquerade(5) \- masquerade helper .IP \[bu] 2 FireHOL Website (http://firehol.org/) .IP \[bu] 2 FireHOL Online PDF Manual (http://firehol.org/firehol-manual.pdf) .IP \[bu] 2 FireHOL Online Documentation (http://firehol.org/documentation/) .IP \[bu] 2 FireHOL IP Lists (http://iplists.firehol.org/) .IP \[bu] 2 NAT HOWTO (http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html) .IP \[bu] 2 netfilter flow diagram (http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg) .SH AUTHORS FireHOL Team.