+++ This bug was initially created as a clone of Bug #888571 +++
Hi,
The original bug listed above was for RHEL6. I have recently discovered that there is no systemd service file nor a loading script for ipset for RHEL7.
It would be very handy to have a proper framework for saving IP sets and loading them via ipset at boot, as my iptables rules depend on the sets, and currently the firewall fails to start since no sets exist at boot.
Personally I have a simple setup. I download IP lists from an RBL site and load them via cron once per day.
I have 2 sets. One for IPv4 and one for IPv6. I match ip4-block set in iptables and ip6-block set in ip6tables.
Because these sets don't exist at boot, both services fail to start.
[root@jump ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Mon Nov 21 23:06:55 2016
*raw
:PREROUTING ACCEPT [395:51283]
:OUTPUT ACCEPT [212:32052]
-A PREROUTING -i eth0 -m set --match-set ip4-block src -j DROP
COMMIT
# Completed on Mon Nov 21 23:06:55 2016
# Generated by iptables-save v1.4.21 on Mon Nov 21 23:06:55 2016
*filter
-------snip-------
[root@jump ~]# cat /etc/sysconfig/ip6tables
COMMIT
# Completed on Mon Nov 21 23:06:59 2016
# Generated by ip6tables-save v1.4.21 on Mon Nov 21 23:06:59 2016
*raw
:PREROUTING ACCEPT [99:35695]
:OUTPUT ACCEPT [105:42767]
-A PREROUTING -i eth0 -m set --match-set ip6-block src -j DROP
COMMIT
# Completed on Mon Nov 21 23:06:59 2016
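
A pre-flight check for the failure described above, added here as an example and not part of the original report: it lists set names that saved iptables/ip6tables rules reference with `--match-set` but that an `ipset save` dump does not create. The function names, the temporary file layout and the sample dump are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): report ipset names that saved
# iptables/ip6tables rules reference but an `ipset save` dump does not create.
LC_ALL=C; export LC_ALL

# referenced_sets FILE...: unique names following "--match-set" in rule lines.
referenced_sets() {
    awk '/^#/ { next }
         { for (i = 1; i < NF; i++) if ($i == "--match-set") print $(i + 1) }' "$@" | sort -u
}

# defined_sets DUMP: names from "create NAME TYPE ..." lines of `ipset save`.
defined_sets() {
    awk '$1 == "create" { print $2 }' "$1" | sort -u
}

# missing_sets DUMP FILE...: referenced in the rule files, absent from DUMP.
missing_sets() {
    dump=$1; shift
    refs=$(mktemp); defs=$(mktemp)
    referenced_sets "$@" > "$refs"
    defined_sets "$dump" > "$defs"
    comm -23 "$refs" "$defs"
    rm -f "$refs" "$defs"
}

# write_samples DIR: constructed sample files modelled on the report's rules.
write_samples() {
    cat > "$1/iptables" <<'EOF'
*raw
-A PREROUTING -i eth0 -m set --match-set ip4-block src -j DROP
COMMIT
EOF
    cat > "$1/ip6tables" <<'EOF'
*raw
-A PREROUTING -i eth0 -m set --match-set ip6-block src -j DROP
COMMIT
EOF
    # Constructed dump that only defines the IPv4 set.
    cat > "$1/ipset.save" <<'EOF'
create ip4-block hash:net family inet hashsize 1024 maxelem 65536
add ip4-block 192.0.2.0/24
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
missing_sets "$demo_dir/ipset.save" "$demo_dir/iptables" "$demo_dir/ip6tables"
rm -rf "$demo_dir"
```

An empty result means every set the rules match on is created by the dump, so restoring the dump before the firewall services start would let the rules load.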