Skip to content

Installing update ipsets

Jump to bottom Edit New page
Ryan Boehning edited this page Jun 5, 2020 · 33 revisions

update-ipsets is part of FireHOL.

You can use update-ipsets without FireHOL. update-ipsets does not depend on it. You have to install it to your computer though.

update-ipsets is a new member of the FireHOL suite. It is part of FireHOL v3+. You can also download the latest development version of it using the following procedure (which will also install the latest version of FireHOL to your computer).

Install update-ipsets (and FireHOL)

The FireHOL repo includes update-ipsets.

You need to have a basic build environment in place. You will need packages like git, make, gcc, autoconf, autogen, automake, pgk-config, curl, ipset, etc.

To install them in debian/ubuntu, you need to run:

sudo apt-get install autoconf autogen automake curl gcc git ipset kmod make pkg-config procps traceroute zlib1g-dev

This is a quick guide to install it:

# cd somewhere
cd /tmp

# download iprange and firehol from github
git clone https://github.com/firehol/iprange.git iprange.git
git clone https://github.com/firehol/firehol.git firehol.git

# install iprange
cd iprange.git

./autogen.sh
# make sure it completed successfully

./configure --prefix=/usr CFLAGS="-march=native -O3" --disable-man
# make sure it completed successfully

make
# make sure it completed successfully

sudo make install
# make sure it completed successfully

# install firehol
cd ../firehol.git

./autogen.sh
# make sure it completed successfully

./configure --prefix=/usr --sysconfdir=/etc --disable-man --disable-doc
# make sure it completed successfully

make
# make sure it completed successfully

sudo make install
# make sure it completed successfully

# Create the default RUN_PARENT_DIR='/usr/var/run' who is set in '/etc/firehol/update-ipsets.conf'
mkdir -p /usr/var/run

The above installs the development version of FireHOL on your computer, which includes the latest update-ipsets.

To run it, use something like this:

# enable an ip list
update-ipsets enable dshield

# update all enabled lists
update-ipsets

Keep in mind update-ipsets supports running as both root and any normal user.

Check Downloading IP Lists to learn how to use it.

Add a custom footer
Add a custom sidebar
Clone this wiki locally