@ -1,7 +1,7 @@
|
|
|
|
|
---
|
|
|
|
|
title: Archlinux
|
|
|
|
|
date: 2023-11-29T20:33:48+0100
|
|
|
|
|
lastmod: 2024-05-09T12:29:13+0000
|
|
|
|
|
lastmod: 2024-05-26T06:31:47+0000
|
|
|
|
|
tags:
|
|
|
|
|
- archlinux
|
|
|
|
|
|
|
|
|
@ -104,6 +104,35 @@ wifi.backend=iwd
|
|
|
|
|
dhcp=dhcpcd
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
## Blocking IPs from a list with ipset
|
|
|
|
|
|
|
|
|
|
Using [ipset](https://wiki.archlinux.org/title/Ipset) should increase performance
|
|
|
|
|
on the box, also using the raw table should not create useless states as for what
|
|
|
|
|
I understand from the source article on
|
|
|
|
|
[serverfault.com](https://serverfault.com/a/823336).
|
|
|
|
|
|
|
|
|
|
~~~console
|
|
|
|
|
$ sudo ipset -N badips iphash
|
|
|
|
|
$ while read ip; do sudo ipset -A badips "$ip"; done < blocked.txt
|
|
|
|
|
$ sudo iptables -t raw -I PREROUTING -m set --match-set badips src,dst -j DROP
|
|
|
|
|
$ sudo iptables-save -f /etc/iptables/iptables.rules
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Enable iptables in case it is not running yet.
|
|
|
|
|
|
|
|
|
|
~~~console
|
|
|
|
|
$ sudo systemctl enable --now iptables.service
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Also make the ipset configuration persistent:
|
|
|
|
|
|
|
|
|
|
~~~console
|
|
|
|
|
$ sudo ipset save -file /etc/ipset.conf
|
|
|
|
|
$ sudo systemctl enable ipset.service
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Reboot to test its persistency.
|
|
|
|
|
|
|
|
|
|
## Do not manage one specific USB dongle
|
|
|
|
|
|
|
|
|
|
`99-unmanaged-devices.conf`:
|
|
|
|
|
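Review bot: In the `iptables -t raw -I PREROUTING` line, `--match-set badips src,dst` does not cover both directions. `iphash` is a one-dimensional set type, so only the first flag (`src`) is evaluated and the rule drops packets arriving from listed addresses. Packets the box itself sends to those addresses never traverse raw PREROUTING, so if outbound traffic should be blocked as well, add a second rule in the raw `OUTPUT` chain with `--match-set badips dst`, and write plain `src` here so the rule reads as what it does. In the import loop, `while read ip` should be `while read -r ip`, and it should skip empty lines, because a blank or malformed line in `blocked.txt` makes `ipset -A` fail for that entry; adding `-exist` keeps duplicate entries from raising errors. `-N ... iphash` and `-A` are the legacy spellings of `create ... hash:ip` and `add`; since the persistence step already uses the current `ipset save` form, using the current spellings throughout would be consistent. Wording nits in the added prose: "as for what I understand" should be "as far as I understand", and "persistency" should be "persistence".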