[Firehol-support] Dynamic hosts (eg no-ip) and fail2ban

Tsaousis, Costa costa at tsaousis.gr
Tue Dec 8 12:48:12 GMT 2015


> Ok, but I can use hostnames like e.g. sub.mydomain.com with ipsets?

Yes, you have to resolve them first though. iprange does this.


> The link: https://github.com/ktsaou/firehol/blob/master/contrib/update-ipsets.sh on the page: https://github.com/firehol/firehol/wiki/Working-with-IPSETs is dead. I googled around a bit and am sure I am just missing this, but am having trouble finding this script.

Thanks! I fixed the link.
However, it is installed with firehol v3 (the github version).


> So I am not sure how to actually update the ipset I have dynamically. Maybe I could build a second ipset and use 'ipset swap'? But it seems from the instructions below that I should use update-ipsets?

ok.

1. Install firehol v3 (this will also require you to install
iprange). If you don't know how to do it, follow this procedure:
https://github.com/firehol/blocklist-ipsets/wiki/Installing-update-ipsets

2. Create a new file called /etc/firehol/ipsets/myhostsnames.source
Put there any hostnames you like.

3. To resolve its contents to IPs you have to configure update-ipsets
(https://github.com/firehol/blocklist-ipsets/wiki/Extending-update-ipsets).
Briefly:

a. create the file /etc/firehol/ipsets.d/myhostname.conf
b. using this content (copy and paste it):

# update its timestamp, to force reprocessing
touch /etc/firehol/ipsets/myhostsnames.source

# configuration about the list
update myhostnames 1 0 ipv4 ip "" hostname_resolver "category" "some info about the list" "your name" "a url for info for the list"

c. run:

update-ipsets enable myhostnames

d. check it with (this is also the command you need to put at cron):

update-ipsets

If successful, the file /etc/firehol/ipsets/myhostnames.ipset should
be there with all the IPs.

4. In firehol.conf use

ipset4 MYHOSTNAMES addfile ipsets/myhostnames.ipset

and later in server/client/nat statements: src ipset:MYHOSTNAMES
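The two things the reply's procedure automates, resolving a .source file of hostnames into a .ipset file and getting that file into a live set atomically (the 'ipset swap' idea from the question), as an added example. This is not code from FireHOL, update-ipsets or iprange; the hostnames, addresses, the stub resolver and the set name MYHOSTNAMES are constructed, and the real resolver assumes a glibc system with getent. One caveat worth keeping in mind: an allow rule keyed on a dynamic hostname is only as trustworthy as the DNS answer, so whoever controls that record (or the dynamic-DNS account) controls who matches the rule, and between two cron runs the set still holds the previous answer.

```shell
#!/bin/sh
# Added example, not code from FireHOL, update-ipsets or iprange. It shows the
# two steps the reply automates: turning a .source file of hostnames into a
# .ipset file of IPv4 addresses, and loading that file into a live ipset with
# the create/fill/swap/destroy pattern so the firewall never matches against
# a half-filled set. Hostnames, addresses and the stub resolver are constructed.
set -eu

# Constructed .source text in the format the reply describes: one hostname per
# line; blank lines and '#' comments are ignored.
SAMPLE_SOURCE='
# dynamic hosts allowed to reach the server
home.example.net
office.example.org    # trailing comment
home.example.net      # duplicate, collapsed after resolution
stale.example.com     # no longer resolves
v6only.example.org    # answers with an IPv6 address only
'

# Real resolver for a cron run: glibc getent, IPv4 answers only (assumption:
# a glibc system). Returns non-zero when the name yields no address.
resolve_with_getent() {
    out=$(getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u)
    [ -n "$out" ] && printf '%s\n' "$out"
}

# Offline stand-in for DNS (constructed data). A dynamic-DNS name can point
# somewhere else at the next run, which is why the job must re-resolve every
# time instead of reusing an old answer.
resolve_stub() {
    case "$1" in
        home.example.net)   printf '%s\n' 203.0.113.10 ;;
        office.example.org) printf '%s\n' 198.51.100.21 198.51.100.20 ;;
        v6only.example.org) printf '%s\n' 2001:db8::1 ;;
        *)                  return 1 ;;   # NXDOMAIN or timeout
    esac
}

# Accept only a dotted-quad IPv4 address. Anything else coming back from the
# resolver (an IPv6 answer, a CIDR, garbage) is refused instead of being
# written into a set the firewall will trust.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq \
        '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$'
}

# $1: source text, $2: name of the resolver function to call per host.
# Prints the addresses sorted and de-duplicated, one per line, which is what
# "ipset4 NAME addfile FILE" in firehol.conf reads. A name that does not
# resolve is reported and skipped, so one dead dynamic host does not empty
# the whole set (and with it the whole allow rule) on the next run.
resolve_source() {
    printf '%s\n' "$1" |
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    while IFS= read -r host; do
        [ -n "$host" ] || continue
        if ! addrs=$("$2" "$host"); then
            printf 'warning: %s did not resolve, skipping\n' "$host" >&2
            continue
        fi
        for a in $addrs; do
            if is_ipv4 "$a"; then
                printf '%s\n' "$a"
            else
                printf 'warning: dropping non-IPv4 answer %s for %s\n' "$a" "$host" >&2
            fi
        done
    done | sort -u
}

# Emit an "ipset restore" script that fills a scratch set and replaces the
# live one with a single atomic "swap". Pipe the output to
# "ipset -exist restore" (-exist makes the create lines harmless when the sets
# already exist). $1: set name, $2: newline-separated addresses.
swap_script() {
    name=$1
    tmp="${name}_tmp"
    printf 'create %s hash:ip family inet\n' "$name"
    printf 'create %s hash:ip family inet\n' "$tmp"
    printf 'flush %s\n' "$tmp"
    printf '%s\n' "$2" | while IFS= read -r a; do
        if [ -n "$a" ]; then printf 'add %s %s\n' "$tmp" "$a"; fi
    done
    printf 'swap %s %s\n' "$tmp" "$name"
    printf 'destroy %s\n' "$tmp"
}

# Stand-alone run with the offline resolver. On a real host pass
# resolve_with_getent instead and feed swap_script to "ipset -exist restore".
ips=$(resolve_source "$SAMPLE_SOURCE" resolve_stub)
printf '# myhostnames.ipset\n%s\n# ipset restore script\n' "$ips"
swap_script MYHOSTNAMES "$ips"
```

Both sets in swap_script are created as hash:ip family inet because ipset only swaps sets of compatible type; if the live set was created by firehol with a different type, match that type here instead. Running resolve_source from cron and writing its output to the .ipset file gives the same result as step 3 of the reply, just without update-ipsets doing the bookkeeping.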
