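# Count (and allow) traffic from the two "idrive" networks with an ipset,
# restore the set at boot through a systemd unit, and let telegraf read it.
# Every command below changes kernel or system state, so it must run as root.

# --- 1. Build the set ------------------------------------------------------
# "counters" keeps per-entry packet/byte counters. -exist makes a re-run of
# these commands a no-op instead of an "already exists/added" error.
ipset create -exist idrive hash:net counters
ipset add -exist idrive 185.20.71.0/24
ipset add -exist idrive 207.199.149.0/24
ipset list idrive

# With no set name, "ipset save" dumps every set currently defined on the
# host, not just idrive; all of them will be restored at boot.
ipset save > /etc/ipset.conf

# --- 2. Restore the set at boot --------------------------------------------
# The delimiter is quoted so nothing inside the unit is ever expanded by the
# shell. Note on the stop commands: "ipset flush" and "ipset destroy" without
# a set name act on ALL sets, and destroy fails for any set that an iptables
# rule still references.
cat > /etc/systemd/system/ipset-persistent.service << 'EOF'
[Unit]
Description=ipset persistent configuration
Before=network.target

# ipset sets should be loaded before iptables
# Because creating iptables rules with names of non-existent sets is not possible
Before=netfilter-persistent.service
Before=ufw.service

ConditionFileNotEmpty=/etc/ipset.conf

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/ipset restore -exist -file /etc/ipset.conf
# Uncomment to save changed sets on reboot
# ExecStop=/sbin/ipset save -file /etc/ipset.conf
ExecStop=/sbin/ipset flush
ExecStopPost=/sbin/ipset destroy

[Install]
WantedBy=multi-user.target

RequiredBy=netfilter-persistent.service
EOF
systemctl enable ipset-persistent.service

# --- 3. telegraf capabilities (manual edit, not a shell command) -----------
# The original notes name a unit file and the two lines to place in its
# [Service] section:
#
#   /usr/lib/systemd/system/telegraf.service
#   [Service]
#   CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
#   AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
#
# Files under /usr/lib/systemd/system belong to the package and are replaced
# on upgrade; a drop-in created with "systemctl edit telegraf" keeps the
# change. Run "systemctl daemon-reload" and restart telegraf afterwards.
# CAP_NET_ADMIN is a write-capable privilege (it allows changing firewall and
# interface configuration, not only reading counters), so grant it only to
# the telegraf service and keep the bounding set limited to these two.

# --- 4. Reference the set from iptables ------------------------------------
# -I puts the rule at the top of INPUT with no port or protocol match, so
# every packet from the two /24s is accepted before any later filtering rule
# is evaluated. If only the counters are wanted, review whether an ACCEPT
# this broad is intended.
# -C checks for an identical rule first so a re-run does not stack duplicates.
if ! iptables -C INPUT -m set --match-set idrive src -j ACCEPT 2> /dev/null; then
  iptables -I INPUT -m set --match-set idrive src -j ACCEPT
fi

# The rule lives only in the running kernel; it has to be saved separately
# (the unit above is ordered before netfilter-persistent.service, which
# suggests that is the mechanism in use here - confirm on the host).
iptables -L -v -n -x | grep idrive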