On 26/02/2019 23:25, Genes Lists via arch-general wrote:
> On 2/26/19 4:01 PM, brent s. wrote:
> ...
>> You can (Gene, you may find this particularly useful since you feed to
>> ipset) use the pyroute2.IPSet() function to actually manage the live
> Great thank you - I wasn't aware of this capability. I really like
> python! ipset made a huge difference - major benefit I agree.
> The other thing I do in my firewall script is I write the rules in
> iptables-save format. Many guides continue to use the iptables
> executable in their examples rather than directly writing into a file in
> iptables-save format.  I haven't read any guides for a long time, so
> perhaps there are better ones now which speak to this.
> Rather than invoking iptables repeatedly on each rule, i write an
> iptables-save formatted file and then use iptables-restore to install
> the entire firewall in one shot.
> thank you brent ...
> gene
I feel like it's easier to just let the command do the formatting. On 
top of that, doing the same for ipset requires like, a lot of extra 
lines and formatting for something very simple. Simply iterating through 
the ip's with the ipset executable makes creating the lists that much 

Regards, Juha Kankare

Reply via email to