Questions tagged [ipset]

ipset is an administration tool for IP sets.

52 questions
8 votes, 4 answers

How to import multiple ip's to Ipset?

I am using iptables with ipset on an Ubuntu server firewall. I am wondering if there is a command for importing a file containing a list of IPs to ipset. To populate an ipset, right now, I am adding each IP with this command: ipset add…
byte00
7 votes, 4 answers

iptables rules not reloading on CentOS 6.x

I have one single ipset added to my iptables on a CentOS 6.x box and this rule is lost when the machine reboots. I've found this answer showing how to make an Ubuntu system reload the iptables rules after a reboot but this directory is not present on…
Duck
7 votes, 1 answer

Is there a way to match an inet and inet6 IP set in a single rule?

Is it possible to have one IPv4 and one IPv6 IP set (ipset(8)) within the same rule? I have several rules that depend on one set of IPv4 addresses and another set of IPv6 addresses respectively, but are otherwise identical. I should add that there…
0xC0000022L
5 votes, 1 answer

How to combine connlimit with IP sets?

connlimit lets me limit the number of connections per client/service. How would I go about combining such a rule with the IP sets available in more recent versions of the Linux kernel and netfilter?
0xC0000022L
5 votes, 2 answers

Can iptables rules manipulate IP sets?

In iptables-extensions(8) the set module is described and it is discussed that it is possible to react to the presence or absence of an IP or more generally a match against an IP set. However, it does not seem that there is a way to append items to…
0xC0000022L
5 votes, 1 answer

How can I let ipset entries "age"?

I am trying to establish a whitelist of clients that have successfully logged into the system, using ipset. What options do I have to let an entry age so that I can later discard it based on its age? Is there a better method than the idea outlined…
0xC0000022L
3 votes, 2 answers

iptables... blocking a range without flooding ipset set with IPs

I have this range of IPs 197.192.x.x that is brute-force attacking my pop/imap/smtp servers day after day. I have this ipset in place that is blocking every IP that tries to hack on my server. I would like to block access for pop/smtp/imap for all…
Duck
3 votes, 1 answer

How to add a file to ipset in a shell script?

This is my ipset shell script: #!/bin/bash for IP in $(wget -O /var/geoiptest.txt http://www.ipdeny.com/ipblocks/data/countries/{ad,ae,af}.zone) do # ban everything - block country sudo ipset add geo /var/geoiptest.txt done I think…
Dani
2 votes, 2 answers

ipset accounting information

I know that iptables keeps accounting information for ip traffic blocked or passed. However, it appears that when using ipsets with iptables, the accounting information is aggregated for the entire set. Is there any way of finding accounting…
sheetzam
2 votes, 1 answer

iptables is not blocking

I have a script running every minute from a crontab. This script scans the system logs, grabs the IPs of every failed attempt to log in to the server's dovecot, exim or ssh and adds them to an ipset, blocking that IP forever. The problem is this:…
Duck
2 votes, 1 answer

Using iptables to block for specific services

I am using ipset in conjunction with iptables to create a list of IPs I want to block. I did this: ipset -N blocking iphash ipset -A blocking 124.205.11.230 // and repeated this line for all IPs I want to add to "blocking" list now I have to add…
Duck
2 votes, 1 answer

How do I fix this error: "ipset v6.11: Hash is full, cannot add more elements"

When I run the update script for voipbl manually, I get this error from ipset: ipset v6.11: Hash is full, cannot add more elements. I am running it manually because some IPs that are on the blacklist seem to still be getting through the firewall.…
d10nte
2 votes, 1 answer

Forward traffic to virtual interface based on source IP address dynamically using iptables

I'm experimenting with a DNS server setup that replies with different results based on source IP address. At the same time I need to dynamically change which interface an external source IP should be forwarded to: eth0 physical interface 192.168.1.10, eth0: virtual…
sameera
2 votes, 1 answer

With firewalld, is it possible to use an inverted ipset as source?

With firewalld I can make a rule like this (note the invert="True"): firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.100.0/24" invert="True" drop' and I can specify that for certain sources I need them…
mike-m
2 votes, 0 answers

Match-set via libiptc

Could anyone share any examples that use match-set for iptables via the libiptc library? I have tried using iptables v1.4.21 and the code from https://bani.com.br/2012/05/programmatically-managing-iptables-rules-in-c-iptc/. However, this does not…