Difference between revisions of "Ipset"

From ArchWiki
Jump to: navigation, search
m (minor style fixes)
(5 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[[Category:Security (English)]]
[[Category:Networking (English)]]
Line 15: Line 14:
== Installation ==
== Installation ==
A [https://aur.archlinux.org/packages.php?ID=16553 package for ipset] can be installed from the [[AUR]].
[[pacman|Install]] {{pkg|ipset}} from the [[Official Repositories]].
== Configuration ==
== Configuration ==

Revision as of 17:24, 13 June 2012

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: please use the first argument of the template to provide a brief explanation. (Discuss in Talk:Ipset#)
Summary help replacing me
Information regarding the setup and configuration of ipset.

ipset is a companion application for the iptables Linux firewall. It allows you to setup rules to quickly and easily block a set of IP addresses, among other things.


Install ipset from the Official Repositories.


Blocking a list of addresses

Start by creating a new "set" of network addresses. This creates a new "hash" set of "net" network addresses named "myset".

# ipset create myset hash:net

Add any IP address that you'd like to block to the set.

# ipset add myset
# ipset add myset
# ipset add myset

Finally, configure iptables to block any address in that set. This command will add a rule to the "INPUT" chain to "-m" match the set named "myset" from ipset (--match-set) when it's a "src" packet and "DROP", or block, it.

# iptables -I INPUT -m set --match-set myset src -j DROP

Other Commands

To view the sets:

# ipset list

To delete a set named "myset":

# ipset destroy myset

To delete all sets:

# ipset destroy

Please see the man page for ipset for further information.