I have created 2 IPSets and got them populated without any issues, as well as getting ipset-save and ipset-restore set up so that the ipsets are persistent between reboots.
The aim of the 2 IP sets is to block inbound connections from either IP addresses or IP ranges on my red zone ppp0 internet connection.
So ideally, I would like these 2 IPSets to be the first 2 rules on the IPTables INPUT rule for the ppp connection (hot internet / red zone). I have had this setup working with iptables in ClearOS 6.6 with no issues.
The problem is that I haven’t managed to fully wrap my mind around Shorewall yet and I don’t know how to implement the above.
Does anyone have any pointers as to how to do it and some actual examples which I could follow to implement it?