Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make ipset type configurable #211

Merged
merged 2 commits into from
Oct 20, 2022
Merged

make ipset type configurable #211

merged 2 commits into from
Oct 20, 2022

Conversation

jakobwenzel
Copy link
Contributor

Currently, the type of ipset is hardcoded to be nethash. This type is not supported by the kernel in my Synology DS218+:

INFO[01-10-2022 20:58:58] ipset set-up : /usr/sbin/ipset -exist create crowdsec-blacklists nethash timeout 300
FATA[01-10-2022 20:58:58] iptables init failed: error while creating set : exit status 1 --> ipset v7.15: Kernel error received: set type not supported
FATA[01-10-2022 20:58:58] iptables init failed: error while creating set : exit status 1 --> ipset v7.15: Kernel error received: set type not supported

@zmeel seems to have run into the same issue: #32 (comment)

This PR introduces a configuration switch to allow the user to select an ipset type, while still defaulting to nethash. I'm not sure which other set type is optimal for my Synology, but with this PR applied, adding

ipset_type: hash:ip

to the config file makes the bouncer work.

@LaurenceJJones
Copy link
Contributor

Hey thank you opening a PR! I will check this out soon.

@LaurenceJJones LaurenceJJones merged commit 0adc780 into crowdsecurity:main Oct 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@buixor buixor buixor approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jakobwenzel @LaurenceJJones @buixor