ipset_shorewall is a script for the Shorewall firewall that lets it work with ipset, giving smarter and more automated control over filtering.
Previously, using Shorewall to grant a set of clients ($ADMIN_PROJECT) access to a single server (ADM_PROJECT0n) required defining multiple iptables rules in the /etc/shorewall/rules file. This produced an undesirably large number of rules and made Shorewall operate slower than expected.
The ipset_shorewall script simplifies this by creating a new file, /etc/shorewall/rules_ipset, in which a single iptables rule is enough to define access for all clients and servers. It replaces more than 12,000 iptables rules with a mere 400, giving Shorewall quick restarts and better performance.
Using the script requires Shorewall (3.2, sh-based) and a kernel patched with ipset. You may also need various Perl modules such as Arrays_tools, File::Basename, Data::Validate::IP, Tie::File, Acme-Comment, and Term::ANSIColor, all of which can be downloaded for free from the internet.
In conclusion, ipset_shorewall is an effective solution for anyone who wants to manage their iptables rules more intelligently. Its ability to reduce the rule volume in Shorewall and to provide easy access to dynamic filtering features is noteworthy. The only downside is its reliance on older versions of Shorewall, which limits the number of users who can take advantage of it.