Question: RE: IP Set Extra script - cron portion

I've been using the IP Sets by DNS for firewall filtering, which is based on these docs:

This in turn uses the IP Set Extra script

Currently the script includes setting up a cron scheduled every 3 hours which calls the ipset setup.

Now my question is, is there a better way to update the IP Sets without really restarting the firewall (which the script does automatically)? Or would a once a day or once a week schedule be better?

Right now, I've changed my schedule to once a day in the early morning.

The issue is actually the "firewall restart" call, which somehow stops/drops all outside network activity on all of my setups (including test setups). So for example, if we are streaming a movie when the script runs, the stream stops because technically the connection got dropped after the firewall restart.

Pinging @vgaetera .. hehe sorry for the ping but what's your take on this?

Ok.. just in case somebody else comes across this.. I made a minor change in the /etc/profile.d/: instead of calling /etc/init.d/firewall restart, I changed it to just do a reload

line 12: /etc/init.d/firewall reload ;;

Thanks for the feedback, it sounds reasonable, I will take a look.

A service restart was required as the earlier implementation did not update IP sets on reload.
However, it should now work with the current method of loading IP sets from a file.
