Lightweight ipset API?

I would like to write a very simple daemon that exists only to add IPv4
and IPv6 addresses to an ipset.  (The daemon will run on my firewall and
be used to block IPs that are identified by fail2ban on a separate web
server.)

Writing a fail2ban "action" to send an IP address over a socket should
be quite straightforward, but I haven't been able to figure out a good
way for the daemon (written in C) to add the IP to the set.  Looking at
the libipset documentation[1], it seems to require passing in an
ipset(8)-style command string.  While the daemon certainly could create
such a string and pass it to the library, this seems painfully
inelegant.

The lower level interface seems to be libmnl.  Unfortunately, I can't
really find anything that I (as a netlink newbie) can follow that tells
me how I might go about doing this at that level.

Does anyone have any suggestions on how I might go about figuring this
out?

Thanks!

[1] http://ipset.netfilter.org/libipset.man.html

--
========================================================================
Ian Pilcher                                         arequipeno@xxxxxxxxx
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
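
Added example, not part of the original message and not libipset code: if the daemon does build an ipset(8)-style command string, the address arriving over the socket is untrusted and should be parsed to binary and re-printed before it is placed in the string. The function name and the set names `blocklist4` and `blocklist6` are assumptions; the post names neither.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical set names; the post does not name its sets. */
#define SET_V4 "blocklist4"
#define SET_V6 "blocklist6"

/*
 * Turn one untrusted line received from the fail2ban side into an
 * ipset(8)-style "add" command string. Returns AF_INET or AF_INET6 on
 * success, -1 if the line is not exactly one valid address or if out
 * is too small to hold the command.
 */
int build_add_cmd(const char *line, char *out, size_t outlen)
{
    char addr[INET6_ADDRSTRLEN];
    char canon[INET6_ADDRSTRLEN];
    unsigned char bin[sizeof(struct in6_addr)];
    const char *set;
    int family, n;
    size_t len = strcspn(line, "\r\n");

    /* Reject empty or over-long input, and any text after the newline. */
    if (len == 0 || len >= sizeof(addr))
        return -1;
    if (line[len + strspn(line + len, "\r\n")] != '\0')
        return -1;
    memcpy(addr, line, len);
    addr[len] = '\0';

    /* inet_pton accepts only a complete address: no spaces, no options. */
    if (inet_pton(AF_INET, addr, bin) == 1) {
        family = AF_INET;  set = SET_V4;
    } else if (inet_pton(AF_INET6, addr, bin) == 1) {
        family = AF_INET6; set = SET_V6;
    } else {
        return -1;
    }

    /* Re-print from the binary form so only canonical text is emitted. */
    if (inet_ntop(family, bin, canon, sizeof(canon)) == NULL)
        return -1;
    n = snprintf(out, outlen, "add %s %s", set, canon);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return family;
}
```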



