Hello, I have had a 'hybrid' firewall setup largely based on firewalld
(backend=iptables) where I add some iptables rules after the firewalld rules have loaded
(which is an ugly and fragile setup).
During my attempts to integrate everything into the firewalld framework to get rid of the
ugly manual iptables rules adding, I ran into a problem with an ipset that is used.
I would like to add an ipset of the type bitmap:port to the firewalld configuration so it
can be used as part of some rich rules I will be creating. The ipset will contain a bunch
of (tcp) ports that will cause a rule to create logging every time any of those
destination ports see network traffic. The idea is to have a tripwire/'honeypot'
facility to become aware of attempts to connect to ports like 23 (telnet) and 443 (https)
etc., but for a very long, and regularly changing list of ports.
As is clear per "firewall-cmd --get-ipset-types" this ipset type is not
supported. Is there any way to 'integrate' my intended rich rules which depend on
a bitmap:port type ipset?