[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Backing Up Ipset

Posted on 2016-09-03
9
Medium Priority
?
190 Views
Last Modified: 2016-09-10
I use ipset on our Centos 6 server.  I need to back up what I have in the ipset.

I have tried this  command -
[root@ip-172-31-22-236 ~]# service iptables stop && /etc/sysconfig/ipset.geoblock && service iptables start
-bash: /etc/sysconfig/ipset.geoblock: Permission denied

Open in new window


I am logged in as root why am I getting permission denied?

Here is my script to add to the ipset
for IP in $(wget -O - http://www.ipdeny.com/ipblocks/data/countries/[country name here].zone)
do
sudo ipset add geoblock $IP
done

Open in new window

0
Comment
Question by:sharingsunshine
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 41784044
Even root gets permission denied if you try to execute a file which does not have execute permission.
On my system, I only have ebtables-config in /etc/sysconfig, but that file is not executable.

Now get this: you should not try to execute /etc/sysconfig/ipset.geoblock by making it executable. You must dot it instead, i.e. . /etc/sysconfig/ipset
If you look at the file, you will see it sets shell variables. That is why you must dot it.
0
 

Author Comment

by:sharingsunshine
ID: 41786498
using the dot I get this error

service iptables stop && ./etc/sysconfig/ipset.geoblock && service iptables start
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: nat filter      [  OK  ]
iptables: Unloading modules:                               [  OK  ]
-bash: ./etc/sysconfig/ipset.geoblock: No such file or directory

Open in new window

0
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 41787146
You need a space between the dot and the slash. You are, in effect, sourcing the file.

All ipset.geoblock does is set shell variables. You then need to run your script that runs ipset itself, as in your original post.

Please post /etc/sysconfig/ipset.geoblock as an attachment if you would like me to help you further.
Unless it exports variables, it will do you no good to run it as you are (will be) doing. Why did you think you need to run it at all?
Just run your ipset script then stop and start iptables.

(Hint: cp /etc/sysconfig/ipset.geoblock ~/geoblock.txt and post geoblock.txt)
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:sharingsunshine
ID: 41789276
As I stated at the first of this question I only want to back up ipset.  Looking online I was led to believe that command was how to do it.  I just need my ipset entries to be persistent if I have to turn off the server temporarily.

create geoblock hash:net family inet hashsize 1024 maxelem 65536 
add geoblock 193.91.32.0/20
add geoblock 194.42.212.0/24
add geoblock 213.166.32.0/19
add geoblock 185.4.124.0/22
add geoblock 212.66.64.0/19
add geoblock 217.197.96.0/20
add geoblock 195.43.96.0/19
add geoblock 185.6.232.0/22
add geoblock 193.168.44.0/23
add geoblock 194.61.96.0/20
add geoblock 193.168.32.0/21
add geoblock 158.167.0.0/16
add geoblock 185.80.124.0/22
add geoblock 199.103.74.0/24
add geoblock 80.90.32.0/20
add geoblock 193.168.60.0/23
add geoblock 146.220.0.0/16
add geoblock 185.9.188.0/22
add geoblock 185.30.172.0/22
add geoblock 192.103.2.0/24
add geoblock 192.91.140.0/24
add geoblock 27.96.24.0/21
add geoblock 92.250.128.0/17
add geoblock 91.195.18.0/23
add geoblock 193.19.112.0/23
add geoblock 185.40.60.0/22
add geoblock 83.243.8.0/21
add geoblock 195.46.224.0/19
add geoblock 192.160.22.0/24
add geoblock 192.172.253.0/24
add geoblock 80.246.96.0/20
add geoblock 185.66.96.0/22
add geoblock 195.218.0.0/19
add geoblock 185.13.88.0/22
add geoblock 83.99.0.0/17
add geoblock 146.3.0.0/16
add geoblock 195.24.72.0/21
add geoblock 193.169.158.0/23
add geoblock 46.29.176.0/21
add geoblock 195.246.100.0/23
add geoblock 80.255.160.0/20
add geoblock 185.71.56.0/22
add geoblock 148.110.0.0/16
add geoblock 195.34.86.0/23
add geoblock 80.92.80.0/20
add geoblock 91.241.28.0/24
add geoblock 192.207.142.0/24
add geoblock 5.149.112.0/21
add geoblock 158.169.0.0/16
add geoblock 31.216.144.0/21
add geoblock 31.172.144.0/21
add geoblock 178.251.160.0/21
add geoblock 185.94.0.0/22
add geoblock 94.125.200.0/21
add geoblock 37.157.152.0/21
add geoblock 193.168.40.0/22
add geoblock 136.173.0.0/16
add geoblock 195.28.160.0/23
add geoblock 87.240.192.0/18
add geoblock 81.92.224.0/20
add geoblock 95.130.184.0/21
add geoblock 185.3.44.0/22
add geoblock 91.142.130.0/24
add geoblock 91.232.88.0/23
add geoblock 158.64.0.0/16
add geoblock 204.79.224.0/23
add geoblock 188.93.168.0/21
add geoblock 212.117.160.0/19
add geoblock 217.31.64.0/20
add geoblock 194.42.98.0/23
add geoblock 193.168.1.0/24
add geoblock 212.233.32.0/19
add geoblock 88.207.128.0/17
add geoblock 80.92.64.0/20
add geoblock 94.252.0.0/17
add geoblock 87.254.96.0/19
add geoblock 193.168.62.0/23
add geoblock 46.17.168.0/21
add geoblock 109.69.240.0/21
add geoblock 185.97.244.0/22
add geoblock 193.109.130.0/23
add geoblock 195.200.240.0/23
add geoblock 185.69.216.0/22
add geoblock 91.214.44.0/22
add geoblock 158.168.0.0/16
add geoblock 188.42.0.0/16
add geoblock 94.103.208.0/20
add geoblock 185.69.224.0/22
add geoblock 213.135.224.0/19
add geoblock 193.168.2.0/24
add geoblock 212.56.224.0/19
add geoblock 192.58.28.0/24
add geoblock 193.168.16.0/20
add geoblock 91.190.216.0/21
add geoblock 185.42.216.0/22
add geoblock 192.156.248.0/24
add geoblock 195.26.4.0/23
add geoblock 62.182.176.0/21
add geoblock 185.65.0.0/22
add geoblock 95.128.120.0/21
add geoblock 193.168.58.0/23
add geoblock 194.36.224.0/20
add geoblock 93.93.48.0/21
add geoblock 185.68.44.0/22
add geoblock 195.10.64.0/19
add geoblock 178.255.216.0/21
add geoblock 193.9.128.0/20
add geoblock 185.32.236.0/22
add geoblock 193.168.8.0/21
add geoblock 195.137.228.0/23
add geoblock 80.64.144.0/20
add geoblock 194.154.192.0/19
add geoblock 217.117.192.0/20
add geoblock 192.91.141.0/24
add geoblock 37.230.112.0/21
add geoblock 185.36.180.0/22
add geoblock 185.26.160.0/22
add geoblock 212.24.192.0/19
add geoblock 147.67.0.0/16
add geoblock 158.166.0.0/16
add geoblock 109.120.64.0/18
add geoblock 194.152.52.0/24
add geoblock 188.115.0.0/18
add geoblock 178.254.64.0/18
add geoblock 94.242.192.0/18
add geoblock 185.49.244.0/22
add geoblock 194.0.23.0/24
add geoblock 194.0.42.0/24
add geoblock 89.106.200.0/21
add geoblock 176.65.72.0/21
add geoblock 31.22.120.0/21
add geoblock 31.204.88.0/21
add geoblock 78.31.8.0/21
add geoblock 193.178.219.0/24
add geoblock 178.249.192.0/21
add geoblock 91.142.129.0/24
add geoblock 185.100.132.0/22
add geoblock 78.141.128.0/18
add geoblock 92.42.176.0/21
add geoblock 85.93.192.0/19
add geoblock 93.174.40.0/21
add geoblock 185.44.56.0/22
add geoblock 195.35.81.0/24
add geoblock 80.90.48.0/20
add geoblock 193.109.208.0/24
add geoblock 83.222.32.0/19
add geoblock 85.94.224.0/19
add geoblock 213.169.96.0/19
add geoblock 193.168.64.0/18
add geoblock 193.9.144.0/22
add geoblock 156.133.0.0/16

Open in new window

0
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 41789329
This is the input for ipset -file right? Just put it in the backup
0
 

Author Comment

by:sharingsunshine
ID: 41789503
That's correct.

I tried that and it was lost.  I took a snapshot of the volume on our VPS server and when we restored the volume via the snapshot it wasn't there.  That's why I am posting the question.

Same thing happens with iptables on Centos if you don't have them specifically saved.  The entries aren't persistent if you don't run the correct commands to back them up.
0
 
LVL 35

Accepted Solution

by:
Duncan Roe earned 2000 total points
ID: 41790730
iptables and ipset rules exist in Linux memory so cannot be preserved over a reboot. Your startup scripts need to re-issue appropriate ipset and iptables commands to reinstate the tables. You can either re-issue the original script as you posted, or use ipset save and ipset restore.
The scripts should do all this before enabling any interfaces.
0
 

Author Comment

by:sharingsunshine
ID: 41791154
if I use the original script I get the error that is listed in the beginning.  If I use ipset save I get

add geoblock 196.6.4.0/22
add geoblock 103.18.132.0/22
add geoblock 202.183.224.0/20
add geoblock 43.252.140.0/22
add geoblock 195.82.0.0/19
add geoblock 213.252.32.0/19
add geoblock 131.100.196.0/22
add geoblock 143.202.220.0/22
add geoblock 91.215.4.0/22
add geoblock 185.65.16.0/22
add geoblock 193.33.82.0/23
add geoblock 122.128.16.0/21
add geoblock 193.105.173.0/24
add geoblock 103.213.148.0/22
add geoblock 103.19.168.0/23
add geoblock 170.33.0.0/16
add geoblock 103.55.218.0/24
add geoblock 103.55.35.0/24
add geoblock 117.122.128.0/17
add geoblock 46.154.0.0/15
add geoblock 185.127.224.0/22
add geoblock 91.232.8.0/22
add geoblock 203.168.160.0/19
add geoblock 217.170.208.0/20
add geoblock 200.219.136.0/23
add geoblock 103.53.112.0/23
add geoblock 176.62.216.0/21
add geoblock 103.211.200.0/22
add geoblock 46.165.128.0/18
add geoblock 195.68.202.0/23
add geoblock 170.233.240.0/22
add geoblock 198.54.2.0/24
add geoblock 120.29.128.0/20
add geoblock 185.19.80.0/22
add geoblock 95.80.64.0/18
add geoblock 119.59.96.0/19
add geoblock 193.29.50.0/24
add geoblock 91.234.38.0/23
add geoblock 194.30.162.0/24
add geoblock 31.135.32.0/19
add geoblock 194.1.128.0/20
add geoblock 185.137.28.0/22
add geoblock 213.170.160.0/19
add geoblock 103.39.200.0/22
add geoblock 177.137.144.0/21
add geoblock 103.206.64.0/22
add geoblock 14.4.0.0/14
add geoblock 195.242.185.0/24
add geoblock 91.238.1.0/24
add geoblock 164.160.80.0/22
add geoblock 202.14.219.0/24
add geoblock 86.60.0.0/17
add geoblock 185.113.88.0/22
add geoblock 217.26.112.0/20
add geoblock 168.205.12.0/22
add geoblock 91.234.88.0/22
add geoblock 60.245.96.0/19
add geoblock 217.72.128.0/20
add geoblock 193.164.159.0/24
add geoblock 103.22.84.0/22
add geoblock 91.240.128.0/24
add geoblock 131.72.144.0/22
add geoblock 200.201.176.0/20
add geoblock 45.64.224.0/22
add geoblock 202.189.128.0/24
add geoblock 45.123.72.0/22
add geoblock 103.30.88.0/22
add geoblock 194.126.158.0/23
add geoblock 109.237.80.0/20
add geoblock 46.29.72.0/21
add geoblock 201.131.136.0/21
add geoblock 82.82.0.0/15
add geoblock 185.162.12.0/22
add geoblock 196.10.118.0/24
add geoblock 193.202.116.0/24
add geoblock 103.215.76.0/22
add geoblock 91.213.8.0/24
add geoblock 176.196.0.0/15
add geoblock 213.236.64.0/18
add geoblock 203.8.109.0/24
add geoblock 194.29.184.0/24
add geoblock 145.189.0.0/16
add geoblock 128.246.0.0/16
add geoblock 193.23.162.0/24
add geoblock 194.180.96.0/21
add geoblock 94.247.16.0/21
add geoblock 91.208.119.0/24
add geoblock 91.208.161.0/24
add geoblock 202.7.58.0/24
add geoblock 114.134.72.0/21
add geoblock 103.12.76.0/22
add geoblock 193.84.76.0/24
add geoblock 194.150.104.0/22
add geoblock 157.119.176.0/22
add geoblock 103.16.216.0/22
add geoblock 194.0.52.0/22
add geoblock 194.31.208.0/22
add geoblock 103.212.0.0/22
add geoblock 194.135.4.0/22
add geoblock 91.207.224.0/23
add geoblock 103.222.156.0/22
add geoblock 203.23.186.0/23
add geoblock 193.142.127.0/24
add geoblock 194.67.84.0/24
add geoblock 198.54.60.0/24
add geoblock 103.56.92.0/22
add geoblock 147.43.0.0/16
add geoblock 192.92.136.0/24
add geoblock 190.8.164.0/22
add geoblock 91.242.192.0/21
add geoblock 193.107.172.0/22
add geoblock 45.249.112.0/22
add geoblock 131.0.20.0/22
add geoblock 195.189.116.0/22
add geoblock 109.230.224.0/20
add geoblock 185.48.116.0/22
add geoblock 31.134.104.0/21
add geoblock 103.57.12.0/22
add geoblock 61.91.0.0/18
add geoblock 138.97.224.0/22
add geoblock 179.109.192.0/21
add geoblock 191.52.208.0/20
add geoblock 103.44.96.0/22
add geoblock 130.0.72.0/21
add geoblock 203.7.158.0/24
add geoblock 170.84.244.0/22
add geoblock 91.229.194.0/23
add geoblock 194.153.151.0/24
add geoblock 183.160.0.0/13
add geoblock 103.210.224.0/22
add geoblock 192.68.7.0/24
add geoblock 138.99.64.0/22
add geoblock 212.26.64.0/18
add geoblock 192.16.191.0/24
add geoblock 185.36.136.0/22
add geoblock 185.8.220.0/22
add geoblock 195.247.0.0/16
add geoblock 192.129.39.0/24
add geoblock 137.59.108.0/22
add geoblock 43.248.208.0/22
add geoblock 203.171.0.0/22
add geoblock 43.224.88.0/22
add geoblock 168.121.172.0/22
add geoblock 81.88.80.0/20
add geoblock 91.106.112.0/21
add geoblock 217.150.0.0/20
add geoblock 168.121.252.0/22
add geoblock 192.96.235.0/24
add geoblock 202.6.224.0/20
add geoblock 185.19.152.0/22
add geoblock 95.132.0.0/14
add geoblock 79.110.128.0/20
add geoblock 202.143.16.0/20
add geoblock 203.207.16.0/20
add geoblock 193.138.113.0/24
add geoblock 116.0.24.0/21
add geoblock 193.16.232.0/24
add geoblock 103.49.37.0/24
add geoblock 195.93.182.0/23
add geoblock 61.154.0.0/15
add geoblock 46.22.240.0/20
add geoblock 109.197.162.0/23
add geoblock 43.229.120.0/22
add geoblock 203.191.64.0/18
add geoblock 138.122.112.0/22
add geoblock 202.125.128.0/19
add geoblock 109.225.0.0/18
add geoblock 91.202.180.0/22
add geoblock 202.130.96.0/19
add geoblock 103.216.64.0/22
add geoblock 177.67.104.0/21
add geoblock 217.145.96.0/20
add geoblock 91.228.12.0/22
add geoblock 177.155.64.0/20
add geoblock 80.87.160.0/20
add geoblock 27.111.72.0/22
add geoblock 182.160.96.0/19
add geoblock 194.187.128.0/22
add geoblock 168.181.48.0/22
add geoblock 189.14.208.0/20
add geoblock 154.73.72.0/22
add geoblock 185.60.16.0/22
add geoblock 222.216.0.0/15
add geoblock 185.49.240.0/22
add geoblock 43.243.76.0/22
add geoblock 91.198.233.0/24
add geoblock 91.199.4.0/24
add geoblock 202.155.32.0/19
add geoblock 101.128.32.0/19
add geoblock 185.84.244.0/22
add geoblock 195.189.214.0/23
add geoblock 150.122.0.0/16
add geoblock 103.205.220.0/22
add geoblock 43.229.212.0/22
add geoblock 103.38.152.0/22

Open in new window


My question is where is it being saved?  I need to know should I ever need to restore the ipset.
0
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 41791550
ipset save writes to stdout by default as per the man page, which I hope you are reading. It seems from your test that ipset save does not write the ipset create line. You should be fine to dot the script in https:#a41789276
To execute it, be sure to give it execute permission. Also insert as line 1 #!/bin/sh
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my business, I use the LTS (Long Term Support) versions of Linux. My workstations do real work, and so I rarely have the patience to deal with silly problems caused by an upgraded kernel that had experimental software on it to begin with from a r…
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question