Ipset : minimal version for old kernels

Use fail2ban is a good way to have active secuity checks in your system, but if you are limited to an old kernel how could you avoid probems due to incompatibility ?

A solution could be using a fake ipset supporting only del and add actions.

Create file /usr/local/bin/ipset and paste into it the following code:

Execute chmod +x /usr/local/bin/ipset to make the file executable.

Now you can search for the real ipset command and replace it with the minimal version:

find /bin -name ipset -exec mv /bin/ipset /bin/ipset-old \; -exec ln -s /usr/local/bin/ipset /bin/ipset \;
find /sbin -name ipset -exec mv /bin/ipset /sbin/ipset-old \; -exec ln -s /usr/local/bin/ipset /sbin/ipset \;
find /usr/bin -name ipset -exec mv /usr/bin/ipset /usr/bin/ipset-old \; -exec ln -s /usr/local/bin/ipset /usr/bin/ipset \;
find /usr/sbin -name ipset -exec mv /usr/sbin/ipset /usr/sbin/ipset-old \; -exec ln -s /usr/local/bin/ipset /usr/sbin/ipset \;

Leave a comment