informatique:nix:linux:linux_traffic_per_ip:trafic_par_ip

Ceci est une ancienne révision du document ! 

ipset create idrive hash:net counters
ipset add idrive 185.20.71.0/24
ipset add idrive 207.199.149.0/24
ipset list idrive
ipset save > /etc/ipset.conf
cat << EOF > /etc/systemd/system/ipset-persistent.service
[Unit]
Description=ipset persistent configuration
Before=network.target

# ipset sets should be loaded before iptables
# Because creating iptables rules with names of non-existent sets is not possible
Before=netfilter-persistent.service
Before=ufw.service

ConditionFileNotEmpty=/etc/ipset.conf

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/ipset restore -exist -file /etc/ipset.conf
# Uncomment to save changed sets on reboot
# ExecStop=/sbin/ipset save -file /etc/ipset.conf
ExecStop=/sbin/ipset flush
ExecStopPost=/sbin/ipset destroy

[Install]
WantedBy=multi-user.target

RequiredBy=netfilter-persistent.service
EOF

systemctl enable ipset-persistent.service
iptables -I INPUT -m set --match-set idrive src -j ACCEPT
iptables -L -v -n -x|grep idrive
You may run systemctl edit telegraf.service and add the following:

[Service]
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
  • informatique/nix/linux/linux_traffic_per_ip/trafic_par_ip.1762435506.txt.gz
  • Dernière modification : 2025/11/06 13:25
  • de ben