proofreading

5269f7ce · Thomas Capricelli · 58c87d3e73d0 · 45e4c3fc
Commit 5269f7ce authored Sep 16, 2022 by Thomas Capricelli
--- a/blockers/linux-ipset/README.rst
+++ b/blockers/linux-ipset/README.rst

 Code in this directory will fetch 'bad' IPs from the server and add them to ipset 'sets'. We
-use one for IPv4 and one for IPv6.
+use one set for IPv4 and one for IPv6.

 The proper setup is the following
-* those sets are created, typically by init scripts at boot. How to do that depends on your distribution
-* configure iptables to USE those sets. Again, this is distribution dependant.
-* this script will fill those two sets by querying the botfreak server
+
+* Those sets are created, typically by init scripts at boot. How to do that depends on your distribution.
+* Configure iptables to USE those sets. Again, this is distribution dependant.
+* This script will fill those two sets by querying the botfreak server.

 Creating the sets
 -----------------
-The kernel must be compiled with ipset support for hash:ip
+The kernel must be compiled with ipset support for hash:ip::
+
    CONFIG_IP_SET
    CONFIG_IP_SET_HASH_IP
    CONFIG_NETFILTER_XT_SET

-And you need to create two sets:
+And you need to create two sets::
+
    ipset create botfreak-ipv4 hash:ip family inet maxelem 5000000
    ipset create botfreak-ipv6 hash:ip family inet6 maxelem 5000000

@@ -22,23 +25,23 @@ The botfreak blocker will check for those before doing anything else, reports, a

 Blocking traffic
 ----------------
-(for those sets)
+(for those sets)::

-iptables -A INPUT -i $EXTERNAL_INTERFACE -m set --match-set botfreak-ipv4 src -j DROP
-ip6tables -A INPUT -i $EXTERNAL_INTERFACE -m set --match-set botfreak-ipv6 src -j DROP
+    iptables -A INPUT -i $EXTERNAL_INTERFACE -m set --match-set botfreak-ipv4 src -j DROP
+    ip6tables -A INPUT -i $EXTERNAL_INTERFACE -m set --match-set botfreak-ipv6 src -j DROP

 Gentoo
 ------
-Put those 4 lines in a file /etc/local.d/botfreak.start
+Put those previous 4 lines (creating/blocking)in a file /etc/local.d/botfreak.start

 Resetting
 ---------
-If for some reason you want to reset the sets, perform the following steps:
+If for some reason you want to reset the sets, perform the following steps::

-* stop the blocker:
+    # stop the blocker:
    supervisorctl stop botfreak-blocker-ipset
-* empty the ipsets:
+    # empty the ipsets:
    ipset flush botfreak-ipv4
    ipset flush botfreak-ipv6
-* restart the blocker:
+    # restart the blocker:
    supervisorctl start botfreak-blocker-ipset