How to configure iptables to use ipsets?

SYSTEM INFORMATION
OS type and version: Ubuntu 24.04
Webmin version: 2.402

I am experimenting with CrowdSec as a means of blocking bad actors - mostly scrapers - from our sites. It seems like quite a good tool, and it automatically loads some ipsets for iptables to use. But it doesn’t seem to be using them.

I added a rule from the command line, such as

sudo iptables -A INPUT -m set --match-set crowdsec-blacklists-0 src -j DROP

and it accepts it, but after a reboot it disappears, so it’s obviously not persistent. How do I make it so?

Better to use the CrowdSec forum.

I reckon you need to install iptables-persistent: sudo apt install iptables-persistent

Check if enabled: sudo systemctl is-enabled netfilter-persistent.service

If not, enable it: sudo systemctl enable netfilter-persistent.service

I’ve run into something similar before. The rule works fine when added manually but won’t survive a reboot unless you save it. You can use iptables-save and iptables-restore or install something like iptables-persistent to reload the rules on startup. That way your ipset rules will stick around after a reboot.
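As an added example (not from this thread, and not CrowdSec's own bouncer code), a small POSIX shell script that adds the ipset DROP rule from the question only if it is not already there, refuses to proceed if the ipset itself is missing, and then saves the ruleset with netfilter-persistent. The SET_NAME variable and the `apply` argument are assumptions; the inspection helpers take their input as text arguments so they can be tried without root.

```shell
#!/bin/sh
# Added example: idempotently add "-m set --match-set <set> src -j DROP" to
# INPUT and persist it. SET_NAME defaults to the set named in the question
# (an assumption about the host; override via the environment).
set -eu

SET_NAME="${SET_NAME:-crowdsec-blacklists-0}"

# Build the rule specification (everything after the chain name) for a set.
rule_spec() {
    printf '%s' "-m set --match-set $1 src -j DROP"
}

# Return 0 if the DROP rule for set $2 is present in iptables-save output $1.
# Anchored to the INPUT chain so the same rule in another chain does not count.
rule_present() {
    printf '%s\n' "$1" | grep -qx -- "-A INPUT $(rule_spec "$2")"
}

# Return 0 if set $2 appears in the output of `ipset list -n` given as $1.
set_exists() {
    printf '%s\n' "$1" | grep -qx -- "$2"
}

# Root-only part: verify the set exists, add the rule once, then save.
apply() {
    if ! set_exists "$(ipset list -n)" "$SET_NAME"; then
        echo "ipset $SET_NAME does not exist; a saved rule naming it would" \
             "be rejected by iptables-restore until the set is created" >&2
        return 1
    fi
    if rule_present "$(iptables-save)" "$SET_NAME"; then
        echo "rule for $SET_NAME already present in INPUT"
    else
        # shellcheck disable=SC2046  # word splitting of the spec is intended
        iptables -A INPUT $(rule_spec "$SET_NAME")
    fi
    # With iptables-persistent on Ubuntu this writes /etc/iptables/rules.v4.
    netfilter-persistent save
}

# Run the root-only part only when invoked as: sudo sh ipset-rule.sh apply
case "${1:-}" in
    apply) apply ;;
esac
```

The saved rule refers to the set by name, so at boot the set must exist before netfilter-persistent restores rules.v4; otherwise iptables-restore rejects that line and the rule is silently absent again.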

Bad actors change IP addresses. Most of my manual /24 blocks to FirewallD are temps so I don’t get a bunch of outdated blocks taking up resources.
