Example Usage
# our wan interface
wan="dsl0"
# our whitelist
ipset4 create whitelist hash:net
ipset4 add whitelist A.B.C.D/E # A.B.C.D/E is whitelisted
# subnets - netsets
for x in fullbogons dshield spamhaus_drop spamhaus_edrop
do
ipset4 create ${x} hash:net
ipset4 addfile ${x} ipsets/${x}.netset
blacklist4 full inface "${wan}" log "BLACKLIST ${x^^}" ipset:${x} \
except src ipset:whitelist
done
# individual IPs - ipsets
for x in feodo palevo sslbl zeus openbl blocklist_de
do
ipset4 create ${x} hash:ip
ipset4 addfile ${x} ipsets/${x}.ipset
blacklist4 full inface "${wan}" log "BLACKLIST ${x^^}" ipset:${x} \
except src ipset:whitelist
done
... rest of firehol.conf ...