I found this ipset plugin for iptables-persistent. I can confirm it
works on Ubuntu 16.04.

https://github.com/jordanrinke/ipsets-persistent

Just put the 10-ipset file into
/usr/share/netfilter-persistent/plugins.d and

chmod ugo+x 10-ipset

add your ipset rules, then:

sudo netfilter-persistent save
sudo netfilter-persistent reload

and reboot to confirm all is persistent with

sudo ipset -L

and

sudo iptables -L

and

sudo ip6tables -L

I still feel this solution should be merged into iptables-persistent
for native support.

O.

On Tue, Jan 16, 2018 at 1:08 PM, Oliver O'Boyle <oliver.oboyle@xxxxxxxxx> wrote:
> I've confirmed it's a service ordering issue. If I include these lines
> in /etc/network/interfaces
>
> pre-up ipset restore -! < /etc/ipset/ipset.rules
> up /usr/share/netfilter-persistent/plugins.d/25-ip6tables restart
>
> then ip6tables loads without issue.
>
> I'm not super experienced with upstart and service ordering etc... Can
> someone tell me if there's a better more elegant way to make use of
> ipset and netfilter-persistent so that both ipset and ip(x)tables
> remain persistent? Or, at least, please confirm that the way I'm doing
> it above is the only (or best) way.
>
> Thanks,
> Oliver
>
> On Mon, Jan 15, 2018 at 4:19 PM, Oliver O'Boyle <oliver.oboyle@xxxxxxxxx> wrote:
>> Mark,
>>
>> I've implemented this by using :
>>
>> pre-up ipset restore -! < /etc/ipset/ipset.rules
>> post-down ipset-save -file /etc/ipset/ipset.rules
>>
>> ipset rules appear with sudo ipset -L after a reboot. So all looks good there.
>>
>> However, sudo ip6tables -L still shows default rules. I'm using
>> iptables-persistent for iptables persistence. Do you know when
>> iptables-persistent is run? It looks like it's being called before the
>> interface is in pre-up and so it's still not able to find ipset rules.
>>
>> Oliver
>>
>> On Mon, Jan 15, 2018 at 3:36 AM, Mark Coetser <mark@xxxxxxxxxxxx> wrote:
>>>
>>> On 12/01/2018 23:20, Oliver O'Boyle wrote:
>>>>
>>>> Hello,
>>>>
>>>> Just started using IPSet on Ubuntu 16.04. After reboot, my set
>>>> disappeared and my ip6tables config vanished, leaving my fw wide open
>>>> with default rules. OUCH.
>>>>
>>>> What's the proper way to do IPSet persistence on Ubuntu 16.04?
>>>>
>>>> Oliver
>>>>
>>>
>>> either create a script that you call from /etc/network/interfaces ie
>>>
>>> up /full/path/script
>>>
>>> that has your ipset commands
>>>
>>> or just put the ipset stuff into interfaces file
>>>
>>> auto eth0
>>> iface eth0 inet static
>>>     address x.x.x.x
>>>     netmask x.x.x.x
>>>     up ipset xxxxxx
>>>     up ipset xxxxxx
>>>
>>>
>>> --
>>> Thank you,
>>>
>>> Mark Adrian Coetser
>>> mark@xxxxxxxxxxxx
>>>
>>> What causes the mysterious death of everyone?
>>
>>
>>
>> --
>> :o@>
>
>
>
> --
> :o@>

--
:o@>
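
Added example, not part of the thread and not code from the ipsets-persistent plugin: a pre-reboot check that every set named by `--match-set` in the saved rules is created in the saved ipset file, since rules that reference a set which does not exist cannot be loaded. The paths `/etc/iptables/rules.v4` and `/etc/iptables/rules.v6` (iptables-persistent's usual save files) are assumptions, `/etc/ipset/ipset.rules` is the path used in the thread, and the sample data in `demo` is constructed.

```shell
#!/bin/sh
# Added example: check saved rules against saved ipset definitions.

# Set names used by "--match-set" in an iptables-save format file.
referenced_sets() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "--match-set") print $(i + 1) }' "$1" | sort -u
}

# Set names created by an "ipset save" format file ("create NAME TYPE ...").
defined_sets() {
    awk '$1 == "create" { print $2 }' "$1" | sort -u
}

# Usage: missing_sets IPSET_FILE RULES_FILE...
# Prints one line per referenced-but-undefined set; returns 1 if any.
# Rules files that do not exist are skipped (e.g. no rules.v4 on the host).
missing_sets() {
    ipset_file=$1; shift
    defs=$(defined_sets "$ipset_file")
    found=0
    for rules in "$@"; do
        [ -r "$rules" ] || continue
        for name in $(referenced_sets "$rules"); do
            printf '%s\n' "$defs" | grep -Fxq -- "$name" && continue
            echo "$rules: set '$name' is not created in $ipset_file"
            found=1
        done
    done
    return "$found"
}

# Constructed sample data: rules.v6 uses two sets, ipset.rules creates one.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'create blocklist6 hash:net family inet6' \
        'add blocklist6 2001:db8::/32' > "$d/ipset.rules"
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        '-A INPUT -m set --match-set blocklist6 src -j DROP' \
        '-A INPUT -m set --match-set admins6 src -p tcp --dport 22 -j ACCEPT' \
        'COMMIT' > "$d/rules.v6"
    rc=0
    missing_sets "$d/ipset.rules" "$d/rules.v6" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# With arguments, check real files, for example:
#   sh check-sets.sh /etc/ipset/ipset.rules /etc/iptables/rules.v4 /etc/iptables/rules.v6
if [ "$#" -gt 0 ]; then missing_sets "$@"; else demo || echo "demo: mismatch reported"; fi
```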