Custom IPset groups

keneshhagard · February 14, 2022, 5:34am

Hi,

I wrote a script to create a custom IPSET group for a blocklist and have written a script to reload it when the router start-ups, however I am noticing that if I create an IPSET group through the configuration lines that I am having sporadic behaviors of that list not showing or getting deleted. Any suggestions on how to get the two to work together?

I see in this post they created a blank group - GeoIP Blocking/Large IP Blocklist - #5 by panachoi

Does that mean I would need to manage all groups that way going forward? (even if it was just a port group)

Thanks

Dmitry · February 14, 2022, 6:23am

Hi @keneshhagard since from 1.4 rolling version VyOS does not use ipset, it uses native nftables sets

n.fort · February 16, 2022, 2:53pm

Yes and no @Dmitry .
New firewall implementations doesn’t use native nftables sets. See T4147 for more info.

But as far as I know, moving to native nftables sets is in the roadmap