Add custom ipset in Threat Shield

Juan_Martin · February 4, 2021, 7:40am

NethServer Version: 7.9.2009
Module: Threat shield
Hi, I’m having some difficulties trying to add a custom ipset to Threat shield.

So far, I’ve added the git url (https://github.com/firehol/blocklist-ipsets), raised MaxElem property and enabled some categories.

I wanted to use a custom blacklist with several IP address related to VPNs which I haven’t found in any of the included categories. I added a text file with these addresses to /usr/share/nethserver-blacklists/ipsets, using the same format as other ipsets. After that I can see the new category as available in cockpit, but when I enable it I get and error and shorewall-update fails.
From what I’ve seen, my ipset has been removed from the directory and shorewall fails to load the ipset. I had to disable and re-enable some random category to solve the problem.

I’m I doing something wrong or should I use another method to add a custom ipset?

filippo_carletti · February 4, 2021, 9:45am

AFAIK, what you are doing is correct, I have personally did the same months ago. If I find the system where I did my tests, I’ll double check and let you know.
Meanwhile, please post more details if you can (error message, content of the ipset file, database property: config show blacklist).

Juan_Martin · February 4, 2021, 12:08pm

Sorry, I tried again and I didn’t have any issues this time. I even run the cron job which updates the ipsets manually to be sure, as I though that maybe it was the culprit that my ipset was deleted, but everything went just fine.
If the problem happens again I will post all the info requested.

Thanks Filippo.