Highest Voted 'ipset' Questions - Server Fault Stack Exchange

4

votes

1 answer

Why FirewallD is not blocking IPs with 'reject' rules?

My setup is the follow: fail2ban with some jails (working fine) using FirewallD to block the caught IPs. Here is my default Firewall: myzone target: default icmp-block-inversion: no interfaces: sources: services: rcsa dhcpv6-client http…

asked Jan 28 '19 at 17:43

acs-f

41
2

4

votes

1 answer

Can I use iptables to rate limit an ipset?

Is it possible to use iptable tables to rate limit an ipset ? I know you can use ipset to create a block list named blacklist i.e. ipset create blacklist hash:ip iptables -I INPUT -m set --match-set blacklist src -j DROP ipset add blacklist…

iptables ipset

asked Apr 29 '14 at 06:30

p4guru

963
1
8
15

4

votes

0 answers

IPsets in FirewallD with Nftables backend

I upgraded my server to Fedora 32. Firewalld has switched the backend to Nftables. My setup is pretty simple. Just HTTP, HTTPS, SSH, SMTP ports open and multiple IPsets (IPv4, IPv6) to block a preset list of IP addresses. Earlier I used to do…

fedora firewalld nftables ipset firewalld-zone

asked Jun 05 '20 at 14:52

user213598

3

votes

1 answer

How to block both IPv4 and IPv6 with ipset on Ubuntu 16.04?

So I have the following script that blocks IPs: #!/bin/bash # here's your list of IPS CURRENT_BL=/path/to/my/ip_black_list.txt # create/flush recreate the tables iptables -F BLACKHOLE iptables -N BLACKHOLE for BAD_IP in $(cat $CURRENT_BL) do …

ubuntu iptables ipset

asked Feb 21 '19 at 08:05

Emmanuel-Ab

185
1
6

3

votes

0 answers

GeoIP vs IPset performance in iptables

I would like to ask you what is faster in term of performance GeoIP or IPset. Let me explain, imagine that I have rule: iptables -A INPUT -m geoip ! --src-cc US,UK,CA -j DROP And imagine that I have IPset of hash:net and I put all these IPs (from…

iptables performance geoip ipset

asked Sep 07 '18 at 08:44

tomsk

257
4
18

3

votes

1 answer

Why does the 'nomatch' option of ipset not work in this case?

I am using ipset 6.23-2 on Debian Jessie. I created a hash:net set for and an iptables rule to drop all traffic for addresses in the set. Chain INPUT (policy ACCEPT) target prot opt source destination DROP all -- anywhere …

linux debian iptables ipset

asked Sep 15 '17 at 06:55

Kanra

31
1

2

votes

1 answer

Why does ipset succeed on adding ipv4 ranges, but fail on adding ipv6 range?

Using ipset to clean up bulky iptable rulesets does not seem so different between IPv4 and IPv6: # ipset create TEST hash:net family inet # ipset create DEMO hash:net family inet6 # iptables -A INPUT -m set --match-set TEST src -j DROP # ip6tables…

iptables ipv6 ipset

asked Sep 02 '18 at 21:23

anx

6,875
4
22
45

2

votes

1 answer

ipset not being applied to iptables

I'm trying to filter out a country that keeps probing my SMTP server (CentOS6) and I can't seem to get the ipset to work out right in iptables. I downloaded that countries IP addresses from ipdeny.com and installed the list as a text file. …

iptables spam ipset

asked Jul 26 '15 at 18:40

pathrider

135
6

2

votes

2 answers

In Linux how to add a route to a prefix via a specific device with certain destinations in that prefix going via default route?

I'm currently dealing with a VPN which connection endpoint lies within the subnet which prefix shall be tunneled via that specific VPN. Essentially the problem thus boils down to match against a (larger) set of destination addresses (/16 mask),…

linux vpn routing iproute2 ipset

asked Mar 14 '22 at 22:25

datenwolf

259
1
9

2

votes

0 answers

Where can I find ipv6 blacklists

We have blacklists in place to stop traffic from known bad actors. There are plenty of resources such as the lists below but I am not finding any results for ipv6 blacklists. Does anyone know where I can find such lists? …

iptables ipv6 ipset

asked Jun 22 '21 at 11:38

Dovid Bender

397
1
6
16

2

votes

1 answer

firewalld, `--add-rich-rule` and missing blacklist set

My server uses Centos8 quite recently installed (~1 year). After trying to ban an IP: firewall-cmd --permanent --zone=extz --add-rich-rule='rule family="ipv4" source address="49.88.112.70" drop' My system seams to be corrupt: # firewall-cmd…

centos firewall centos7 firewalld ipset

asked Jun 13 '20 at 09:36

PeptideChain

135
6

1

vote

3 answers

Using fail2ban, ipset and iptables to block bad IP addresses on Google Compute Engine

I am running Ubuntu Linux 16.04 on a GCP Compute Engine VM instance. This is hosting a web server for a web application. I need feedback from the community about verification that what I have set up on Ubuntu Linux is correct and that I can…

iptables google-compute-engine fail2ban ipset

asked Jul 14 '19 at 13:12

Jack Stein

11
3

1

vote

1 answer

How to use iptables and ipset for destination host redirect to another server?

How to block access to the list of the sites and show a notification page? This example blocking without a page, work correctly: iptables -I FORWARD -m set --match-set site src,dst -j DROP I try to use the next rule for hosts redirect to another…

linux iptables ipset

asked Mar 01 '19 at 17:48

Kvartu

11
2

1

vote

2 answers

Traffic shaping with iptables, ipset and tc (--match-set and --set-mark)

I am having some trouble with what I believe should be a fairly straightforward traffic shaping problem. I have an Ubuntu (16.04) server that is acting as a router/nat. I want to allow most users to use 2mbps internet, whilst throttling some devices…

iptables traffic-shaping tc ipset

asked Apr 22 '17 at 14:58

Gav

13
1
4

1

vote

3 answers

Configure Iptables with Ipset

I would highly appreciate it if someone could help on a quite simple ipset rule I am trying to set up. I cannot really understand why it does not seem to work. So here it goes: I create a simple file with IP addresses I would like to block and call…

iptables ipset

asked Mar 11 '17 at 19:19

Klaipedaville

41
1
1
6

Questions tagged [ipset]