Audit of Iptables and Ipset
Posted: 21 May 2015, 10:41
Hello,
(csf v7.69, ec2-ubuntu 14.04 86_x64)
I use ipset on my CSF. (When LF_IPSET = 0, iptables works perfectly!)
I've been trying a simple disaster scenario. According to my scenario, I should block all countries except one to reduce the effects of a DDoS attack.
After I set the CC_DENY and CC_ALLOW parameters as an example, I checked whether it works or not. Unfortunately it didn't work.
I couldn't see anything for the CC_ALLOWF and CC_DENY parameters on the "View iptables Rules" page because I use ipset.
Then I tried to check using the ipset command "sudo ipset list". However, the CSF --help results appeared on the console.
Then I checked the /var/lib/csf directory for any file to see anything. Unfortunately..
Then I checked my syslog file and saw the lines below.
Is there any chance to control IPSET and test my CSF?
-------------- var/log/syslog ------------------
May 21 08:40:32 lfd[5459]: CC: Extracting zone from GeoLite CSV Country database for [RO]
May 21 08:40:32 lfd[5459]: CC: Extracting zone from GeoLite CSV Country database for [CN]
May 21 08:40:33 lfd[5459]: CC: Repopulating ipset cc_cn with IP addresses from [CN]
May 21 08:40:33 lfd[5459]: IPSET: loading set new_cn with 3731 entries
May 21 08:40:34 lfd[5459]: IPSET: switching set new_cn to cc_cn
May 21 08:40:36 lfd[5459]: CC: Repopulating ipset cc_ro with IP addresses from [RO]
May 21 08:40:36 lfd[5459]: IPSET: loading set new_ro with 2256 entries
May 21 08:40:36 lfd[5459]: IPSET: switching set new_ro to cc_ro
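
Added example, not part of the original post and not csf's own code: a shell function that reads lfd lines in the format shown in the log excerpt above and reports, per country set, how many entries were loaded and whether the temporary new_* set was switched to the live cc_* set. The function names, the output format and the last sample line (new_xx) are constructed for this illustration.

```shell
#!/bin/sh
# Prints one line per set seen on stdin: <set> <entries> <OK|NOT_SWITCHED>
lfd_ipset_summary() {
    awk '
    / IPSET: loading set / {
        # e.g. "IPSET: loading set new_cn with 3731 entries"
        for (i = 1; i <= NF; i++) if ($i == "set") { tmp = $(i+1); n = $(i+3) }
        if (!(tmp in loaded)) order[++count] = tmp
        loaded[tmp] = n
    }
    / IPSET: switching set / {
        # e.g. "IPSET: switching set new_cn to cc_cn"
        for (i = 1; i <= NF; i++) if ($i == "set") { tmp = $(i+1); live = $(i+3) }
        target[tmp] = live
    }
    END {
        for (k = 1; k <= count; k++) {
            tmp = order[k]
            if (tmp in target) print target[tmp], loaded[tmp], "OK"
            else               print tmp, loaded[tmp], "NOT_SWITCHED"
        }
    }'
}

# Sample input: the first five lines come from the post, the last is constructed.
sample_log() {
    cat <<'EOF'
May 21 08:40:33 lfd[5459]: CC: Repopulating ipset cc_cn with IP addresses from [CN]
May 21 08:40:33 lfd[5459]: IPSET: loading set new_cn with 3731 entries
May 21 08:40:34 lfd[5459]: IPSET: switching set new_cn to cc_cn
May 21 08:40:36 lfd[5459]: IPSET: loading set new_ro with 2256 entries
May 21 08:40:36 lfd[5459]: IPSET: switching set new_ro to cc_ro
May 21 08:40:40 lfd[5459]: IPSET: loading set new_xx with 10 entries
EOF
}

sample_log | lfd_ipset_summary

# The kernel-side state can be compared with standard ipset/iptables commands
# (not csf options; 203.0.113.5 is a documentation address):
#   ipset list -n                      # names of the sets that exist
#   ipset test cc_cn 203.0.113.5       # is this address in the set?
#   iptables -S | grep -- '--match-set'   # rules that reference a set
```

On a real host the function would be fed from the log file, for example `grep lfd /var/log/syslog | lfd_ipset_summary`.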