update archlinux notes page

main
Dominic Reich 6 months ago
parent 3ff942f621
commit fcf857b0fe
Signed by: dominic
GPG Key ID: BC9D6AE1A3BE169A

@ -1,7 +1,7 @@
--- ---
title: Archlinux title: Archlinux
date: 2023-11-29T20:33:48+0100 date: 2023-11-29T20:33:48+0100
lastmod: 2024-05-09T12:29:13+0000 lastmod: 2024-05-26T06:31:47+0000
tags: tags:
- archlinux - archlinux
@ -104,6 +104,35 @@ wifi.backend=iwd
dhcp=dhcpcd dhcp=dhcpcd
~~~ ~~~
## Blocking IPs from a list with ipset
Using [ipset](https://wiki.archlinux.org/title/Ipset) should increase performance
on the box, also using the raw table should not create useless states as for what
I understand from the source article on
[serverfault.com](https://serverfault.com/a/823336).
~~~console
$ sudo ipset -N badips iphash
$ while read ip; do sudo ipset -A badips "$ip"; done < blocked.txt
$ sudo iptables -t raw -I PREROUTING -m set --match-set badips src,dst -j DROP
$ sudo iptables-save -f /etc/iptables/iptables.rules
~~~
Enable iptables in case it is not running yet.
~~~console
$ sudo systemctl enable --now iptables.service
~~~
Also make the ipset configuration persistent:
~~~console
$ sudo ipset save -file /etc/ipset.conf
$ sudo systemctl enable ipset.service
~~~
Reboot to test its persistency.
## Do not manage one specific USB dongle ## Do not manage one specific USB dongle
`99-unmanaged-devices.conf`: `99-unmanaged-devices.conf`:

Loading…
Cancel
Save