Turris-ipsets missing / Sentinel replacement, how to?

Hi,

I accidentally found out that
/usr/share/firewall/turris-download
doesn't load ipsets anymore.

It seems that https://api.turris.cz/firewall/turris-ipsets.gz is no longer updated or no longer exists.

Could someone tell me where I could download current ipsets for my Omnia? Thanks.

EDIT: I found what is probably a new Python script doing the same thing within the Sentinel project. After installing dependencies, it creates an ipset SET (turris-dynfw for example, as the systemd script implies), but it is kind of missing the functionality of setting an iptables REJECT record for it (as /usr/share/firewall/turris did before) to actually reject those incoming connections.

Am I missing something?

EDIT2: I think after adding
/usr/sbin/iptables -I input_wan_rule -m conntrack --ctstate NEW -m set --match-set <SET> src -m mark ! --mark 0x10/0x10 -j DROP

it should be OK.

2 Likes
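
An added example, not part of the original post and not Sentinel's own code: a shell function that inserts the DROP rule from EDIT2 only when the ipset already exists and the rule is not yet present, so that running it on every firewall reload does not stack duplicate rules. The function name `ensure_set_drop_rule` and the overridable `IPTABLES`/`IPSET` variables are assumptions made for this example; the chain, the rule and the set name `turris-dynfw` are the ones given in the post.

```shell
#!/bin/sh
# Added example: idempotent insertion of the rule quoted in the post.
# IPTABLES/IPSET may be overridden; the iptables path is the one used in the post,
# the bare "ipset" command name is an assumption about the PATH.
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"
IPSET="${IPSET:-ipset}"

# ensure_set_drop_rule SET [CHAIN]
# Returns 0 if the rule is in place afterwards,
#         1 if the ipset does not exist (nothing is changed),
#         2 if inserting the rule failed.
ensure_set_drop_rule() {
    set_name="$1"
    chain="${2:-input_wan_rule}"

    # A --match-set rule cannot be added for a set that does not exist yet,
    # so check first (e.g. the set is only created once the client has started).
    if ! $IPSET -n list "$set_name" >/dev/null 2>&1; then
        echo "ipset '$set_name' not found, rule not added" >&2
        return 1
    fi

    # Build the rule specification once and reuse it for the check and the insert.
    set -- "$chain" -m conntrack --ctstate NEW \
        -m set --match-set "$set_name" src \
        -m mark ! --mark 0x10/0x10 -j DROP

    # -C succeeds only if an identical rule is already in the chain.
    $IPTABLES -C "$@" 2>/dev/null && return 0

    $IPTABLES -I "$@" || return 2
    return 0
}

# Usage (set name as mentioned in the post):
#   ensure_set_drop_rule turris-dynfw
```
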