Questions tagged [ipset]

IP sets is a Linux kernel framework for efficiently storing and managing sets of IP addresses and/or network interfaces.

46 questions

IPTables add an IP to IPSet list
1 vote, 3 answers

How to correctly add an IP address to ipset from an iptables rule? Or isn't that possible at all? This rule doesn't work for me: -A INPUT -m recent --name IP_LIST --set Type of IP_LIST is hash:net IP_LIST was created using command ipset create…
Asked by RIscRIpt

Using Ipset and Iptables for MAC address filtering
1 vote, 1 answer

I use MAC address filtering on my Linux router. Here is what I have done: iptables -A INPUT -i eth5 -m mac --mac-source 00:07:e9:84:2b:99 -j RETURN #User: Someuser iptables -A INPUT -i eth5 -j DROP But the Iptables rule list is huge with more than…
Asked by nixnotwin

Where do I find all the ipset options?
1 vote, 0 answers

Where do I find all the ipset options (ipset v7.15)? The online man ipset page does not list them all. I didn't find them on the command line either, by running: man ipset ipset --help For example, these options: ipset -A ipset -F ipset -N # maybe more options In…
Asked by acgbox

How to combine ipset IPv4 and IPv6 configurations
1 vote, 0 answers

I'm running Arch Linux and referring to Simple stateful firewall - ArchWiki. I have two different bash scripts for creating my iptables rules: one for IPv4 and another for IPv6. Each creates one or more ipset hash lists (sets) using the appropriate…
Asked by MountainX

iptables - how does one use multiple PREROUTING sources to force DNS traffic through a particular IP?
1 vote, 0 answers

I know this question has been asked historically, but the answers I have yet to find are not all too helpful in this one niche use case. I currently have one router running DD-WRT on 192.168.0.1, one router connected to the previous with IP…

Ratelimit IPs for UDP traffic in ipset list before being sent over GRE tunnel
1 vote, 1 answer

I am using nat DNAT to forward traffic on a certain port to another CentOS server over a GRE tunnel; however, I want to rate limit a bunch of datacenter IPs I have in an ipset list 'blacklist', so that the traffic output to the tunnel is rate…
Asked by Rushy

ipset or iptables keeps crashing my server?
1 vote, 0 answers

I'm trying to work out why this keeps crashing my server. Weirdly, the server stays up - but nothing can be reached (FTP, Apache, nginx, emails etc). The script is: #!/bin/bash ipset -q flush maltrailoutgoing ipset -q create maltrailoutgoing…
Asked by Andrew Newby

ipset rules on iptables do not match
1 vote, 1 answer

I want to block all IP addresses except those from a specific country. So I installed ipset and downloaded the IP range list from ipdeny.com and did this: ipset create allow-list hash:net for i in $( cat /home/pi/firewall/country-aggregated.zone ); do sudo…
Asked by Samhamsam

ipset iptables drop all exclude ports but via rate limit
0 votes, 1 answer

I have a simple ipset map to track suspicious IPs. These are my commands: ipset flush ipset -q destroy banlists ipset create banlists hash:ip comment family inet hashsize 2048 maxelem 1048576 timeout 300 And I tell iptables to drop if matched in…

Misunderstanding with configuring iptables
0 votes, 1 answer

Is it possible to create iptables logic in such a way? Accept ssh, http, https; drop the connection if such an IP is already connected (only 1 connection per IP / 1 second); put it in a blacklist (ipset I guess) if there are more than 50 connections per IP / 1…
Asked by 966p

Add ip to ipset with port
0 votes, 1 answer

I would like to block IPs when connecting on a given port, e.g. 1.1.1.1 on port 443. I create the ipset like this: sudo ipset -N blockdaily nethash maxelem 2500000 I can add an IP to it like this: add blockdaily 1.1.1.1 But when I try and block…
Asked by Kohjah Breese

How to update an ipset name-based entry
0 votes, 2 answers

I need to handle on my firewall (Firehol, which is then transformed into iptables) a few dynamic entries. In an ideal world I would use a name (instead of an IP address) which always points to the right IP but this does not work (for good…
Asked by WoJ

ipset loaded from file?
0 votes, 1 answer

How do I load an ipset definition (one setname or more) on reboot from a certain file? For example, I have SSH access to a Linux box and want to update a setname periodically, in such a way that I have one simple text file for each setname that will be modified…
Asked by Peter Maly

CentOS firewalld ipset: blacklist IP CIDRs on specific ports
0 votes, 1 answer

I found this link regarding how to set up a blacklist xml file for firewalld: ipset instructions. Clear enough, but I don't want to drop access for all ports, just 80 and 443. Suggestions? (BTW the firewalld forum doesn't seem to be adding new…
Asked by gariac

fail2ban create jail failed
0 votes, 1 answer

I have Debian Jessie, with fail2ban v0.8.13 and Virtualmin. I use iptables, but firewallD was installed and uninstalled; maybe that's the problem.... The problem is the same thing for all jails: 2017-09-20 11:33:45,474 fail2ban.actions.action[17998] INFO HINT…