Forge Home


Module to install IPSets, part of firehol. Use for collecting blacklists.


5,820 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.0.2 (latest)
  • 1.0.1
  • 1.0.0
released Jan 21st 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x
  • Puppet >= 5.0.0 < 7.0.0
  • , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'zyronix-ipsets', '1.0.2'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add zyronix-ipsets
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install zyronix-ipsets --version 1.0.2

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



zyronix/ipsets — version 1.0.2 Jan 21st 2019

Build Status


Table of Contents

  1. Description
  2. Setup - The basics of getting started with ipsets
  3. Usage - Configuration options and additional functionality
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module


This module installs IPSets, which is part of Firehol. IPsets is a script called: update-ipsets which download ipsets or blacklist on the internet. Those IPSets can be used to analyse logfile. For example during analyse of an attack it might be interested to compare IPs with IPs on black lists. Besides blacklists there are also IPsets of information sources. For example the IPs of Google. Using those IPs it becomes easier to analyse log files.

Basically it setup up a selfhosted:

This module helps you to install everything for this.


What ipsets affects

With the default settings it will install ipsets from source, run as the user ipsets and configures apache aswell.

Setup Requirements

The only requirement that is there is if you enable SSL and let this module configure the webserver that SSL certicates are available. This is not the case for Redhat / CentOS.

Create self signed certificates using:

mkdir -p /etc/ssl/private
chmod 700 /etc/ssl/private
/etc/ssl/certs/make-dummy-cert /etc/ssl/private/cert.pem
chmod 600 /etc/ssl/private/cert.pem

Now configure ipsets to use the file:

class {'ipsets':
  ssl_cert => '/etc/ssl/private/cert.pem',
  ssl_key  => '/etc/ssl/private/cert.pem',

Beginning with ipsets

To use ipsets just include ipsets:

include ipsets

Now everything should be setup, you still have to enable sources.

# login on the machine
su - ipsets
update-ipsets enable dshield
update-ipsets enable firehol_level1
update-ipsets -s

This is the minimal setup needed. The module has set up everything to update every 9 minutes.

A beter setup is to enable all sources:

# login on the machine
su - ipsets
update-ipsets --enable-all

This will take a lot of time and will cause a lot of resources (network and diskspace ~30GB)


More advanced

Some more of the advanced parameters. For example when you have enable all sources it might be beter to place all the data on a different disk. The only way to do this is to set the home directory of the user to the new disk. In our example '/data'.

class {'ipsets':
  user          => 'testuser',
  group         => 'testgroup',
  webroot       => '/var/www/here',
  user_home     => '/data',

Export IPSets

When all the sources have been downloaded it might be handy to download all the sources at once. For this the export function is available, but this is disabled by default.

The export function export all the source every 9 minutes aswell and places them as a tar in the webroot folder.

class {'ipsets':
  export_enable => true,

In case you want to stop exporting a specify source, you can use the export_exclude defined_type. To disable dshield in the export:

ipsets::export_exclude { 'dshield*': 
  description => 'Reason why you want to exclude it',

Adding additional ipsets

You might want to add additional ipsets, for this use the ip_list defined type:

ipsets::ip_list { 'dshield': 
  mins           => 5,
  aggregation    => 0,
  keep           => 'both',
  url            => '',
  processor      => trim,
  category       => 'attack',
  info           => 'Dshield blocklist',
  maintainer     => 'Internet Storm Shield',
  maintainer_url => '',


Not yet tested running under the root user.


This module uses PDK, so make sure all the unit test pass and validation pass. Make sure you written new tests for your code and if required any additional documentation. Also remember to generate new file (using puppet strings generate --format markdown).