Ipset
Revision as of 17:24, 13 June 2012
Blocking a list of addresses
Start by creating a new "set" of network addresses. The command below creates a set named "myset" of type "hash:net", a hash that stores networks in CIDR notation (an entry without a prefix length is stored as a /32 host), so one set can hold ranges of different sizes:
# ipset create myset hash:net
Add any IP address or network that you'd like to block to the set. The prefix length decides how much is blocked: "188.8.131.52/12" covers the whole 188.0.0.0/12 range, not just that one host, so check the prefix before adding an entry.
# ipset add myset 188.8.131.52/12
# ipset add myset 184.108.40.206/13
# ipset add myset 220.127.116.11/15
Finally, configure iptables to block any address in that set. The command below inserts ("-I") a rule at the top of the "INPUT" chain, so it is evaluated before any ACCEPT rules further down; "-m set --match-set myset src" matches packets whose source ("src") address is in the set named "myset" from ipset, and "-j DROP" silently discards them:
# iptables -I INPUT -m set --match-set myset src -j DROP
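The three steps above (create the set, fill it, reference it from iptables) are usually repeated whenever the block list changes. The script below is an added example, not code from the Arch wiki page or from the ipset project: it validates each entry, builds an "ipset restore" batch that fills a temporary set and then swaps it in atomically (so the rule never sees a half-loaded set), and adds the DROP rule only if it is not already present. The set name "blocklist" and the addresses in the list are assumptions; the addresses are constructed from the RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example (not from the Arch wiki page): build a blocklist set from a
# list of CIDRs, load it atomically with "ipset restore" and a swap, and add
# the iptables DROP rule only if it is not already present.
# The set name "blocklist" and the addresses below are assumptions.

SET=blocklist

# Constructed sample block list (RFC 5737 documentation ranges, not a real feed).
# One address or CIDR per line; "#" starts a comment.
BLOCKLIST='
# constructed entries
198.51.100.0/24
203.0.113.7
192.0.2.0/25
'

# valid_cidr ADDR[/PREFIX]: accept only dotted-quad IPv4 with an optional
# prefix length of 0-32, so a typo in the list cannot abort the whole restore.
valid_cidr() {
    ip=${1%/*}
    pfx=${1#*/}
    [ "$pfx" = "$1" ] && pfx=32          # no "/": treat as a single host
    case "$pfx" in *[!0-9]*|'') return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    set -- $(printf '%s' "$ip" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in *[!0-9]*|'') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_restore SETNAME: read the block list on stdin and print an
# "ipset restore" batch on stdout. Entries go into a temporary set that is
# then swapped in, so the live set is never half-filled while a rule uses it.
build_restore() {
    printf 'create %s_tmp hash:net family inet\n' "$1"
    while IFS= read -r line; do
        line=${line%%#*}                              # strip comments
        line=$(printf '%s' "$line" | tr -d ' \t')     # and whitespace
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            printf 'add %s_tmp %s\n' "$1" "$line"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2
        fi
    done
    printf 'swap %s_tmp %s\n' "$1" "$1"
    printf 'destroy %s_tmp\n' "$1"
}

# apply: needs root. The live set must exist before "swap"; -exist makes the
# create a no-op on later runs. iptables -C tests for the rule, so re-running
# the script does not stack duplicate DROP rules at the top of INPUT.
apply() {
    ipset create "$SET" hash:net family inet -exist
    printf '%s\n' "$BLOCKLIST" | build_restore "$SET" | ipset restore
    iptables -C INPUT -m set --match-set "$SET" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET" src -j DROP
}

# "sh blocklist.sh preview" prints the batch without touching the kernel;
# "sudo sh blocklist.sh apply" loads it.
case "${1-}" in
    apply)   apply ;;
    preview) printf '%s\n' "$BLOCKLIST" | build_restore "$SET" ;;
esac
```

Run it with "preview" first to inspect the generated batch as an unprivileged user; "apply" performs the create, restore and iptables steps. Sets live only in kernel memory, so a script like this (or "ipset save" / "ipset restore") has to run again after a reboot for the rule to keep matching anything.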
To view the sets:
# ipset list
To delete a set named "myset":
# ipset destroy myset
To delete all sets:
# ipset destroy
Neither form works while an iptables rule still references the set: delete that rule first (the same "iptables" command with "-D" in place of "-I"), then destroy the set.
Please see the man page for ipset for further information.