On 26/02/2019 23:25, Genes Lists via arch-general wrote:
> On 2/26/19 4:01 PM, brent s. wrote:
>
> ...
>> You can (Gene, you may find this particularly useful since you feed to
>> ipset) use the pyroute2.IPSet() function to actually manage the live
>>
> Great thank you - I wasn't aware of this capability. I really like
> python! ipset made a huge difference - major benefit I agree.
>
> The other thing I do in my firewall script is I write the rules in
> iptables-save format. Many guides continue to use the iptables
> executable in their examples rather than directly writing into a file in
> iptables-save format. I haven't read any guides for a long time, so
> perhaps there are better ones now which speak to this.
>
> Rather than invoking iptables repeatedly on each rule, I write an
> iptables-save formatted file and then use iptables-restore to install
> the entire firewall in one shot.
>
> thank you brent ...
>
> gene

I feel like it's easier to just let the command do the formatting. On top of that, doing the same for ipset requires like, a lot of extra lines and formatting for something very simple. Simply iterating through the IPs with the ipset executable makes creating the lists that much easier.

--
Regards,
Juha Kankare
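The one-shot approach discussed in this thread, as an added example that is not code from any of the posters: a Python sketch that renders an `ipset restore` file and an iptables-save formatted ruleset from a list of addresses. The set name `blocklist`, the sample addresses, the port list and the rule layout are assumptions made for illustration.

```python
import ipaddress

def render_ipset_restore(set_name, entries):
    """Text for `ipset restore`: one create line, then one add line per network."""
    nets = []
    for entry in entries:
        # ip_network() raises ValueError on junk; strict=False masks host bits.
        net = ipaddress.ip_network(entry.strip(), strict=False)
        if net.version != 4:
            raise ValueError(f"{entry!r} is not IPv4; this set is family inet")
        nets.append(net)
    # Drop duplicates and merge adjacent/overlapping ranges before writing.
    merged = ipaddress.collapse_addresses(nets)
    lines = [f"create {set_name} hash:net family inet"]
    lines += [f"add {set_name} {net}" for net in merged]
    return "\n".join(lines) + "\n"

def render_iptables_save(set_name, tcp_ports):
    """Text in iptables-save format: one table, applied as a unit at COMMIT."""
    rules = [
        "-A INPUT -i lo -j ACCEPT",
        f"-A INPUT -m set --match-set {set_name} src -j DROP",
        "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
    ]
    for port in tcp_ports:
        if not 0 < int(port) < 65536:
            raise ValueError(f"bad TCP port: {port!r}")
        rules.append(f"-A INPUT -p tcp -m tcp --dport {int(port)} -j ACCEPT")
    header = ["*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]",
              ":OUTPUT ACCEPT [0:0]"]
    return "\n".join(header + rules + ["COMMIT"]) + "\n"

# Constructed sample input (documentation address ranges), not real data.
SAMPLE = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.7",
          "203.0.113.7", "192.0.2.77/24"]

if __name__ == "__main__":
    with open("blocklist.ipset", "w") as fh:
        fh.write(render_ipset_restore("blocklist", SAMPLE))
    with open("rules.v4", "w") as fh:
        fh.write(render_iptables_save("blocklist", [22, 443]))
    # Load order matters, because the rule references the set:
    #   ipset restore < blocklist.ipset
    #   iptables-restore --test < rules.v4 && iptables-restore < rules.v4
```

Running `iptables-restore --test` first parses the file without committing it, so a malformed rule is caught before the live ruleset is replaced.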