IPSET / Faststart

cmodijk · Post by **cmodijk** » 07 Jul 2015, 09:19

Currently CSF is using separate calls to support ipset and with a big list of blocked ip-adresses (25000) this takes a long time to add al of them to ipset.

Before the CSF ipset support we where using our own implementation of ipset and we are using the restore method of ipset to import the list very fast. What you do is create a file with al of the add calls like this.

File ipset.records:

Code: Select all

add -exist list_name 1.2.3.5
add -exist list_name 1.2.3.4
add -exist list_name 1.2.3.7

And then restore the rules like this

Code: Select all

ipset restore -! < ipset.records

I think this could be a huge preformance boost for csf with ipset when Faststart is enabled.

Post by **ForumAdmin** » 07 Jul 2015, 10:07

Thank you for the suggestion. We will look into implementing this in the next major release - we do already use ipset restore for some functionality but not part of FASTSTART.

Post by **ForumAdmin** » 13 Jul 2015, 17:15

This has been implemented in csf v8.00:
http://blog.configserver.com/

cmodijk · Post by **cmodijk** » 28 Jul 2015, 07:26

Cool tnx!

ConfigServer Community Forum

IPSET / Faststart

IPSET / Faststart

Re: IPSET / Faststart

Re: IPSET / Faststart

Re: IPSET / Faststart