Blacklisting large numbers of IPs: I use this with the iptables “blocked logging” in ABF (AsBraFirewall).
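    # Create the set and add the addresses to block
    ipset -N abf_ip_blacklist iphash
    ipset -A abf_ip_blacklist 1.1.1.1
    ipset -A abf_ip_blacklist 2.2.2.2
    # -I inserts at the top of the chain, so DROP goes in first and LOG second;
    # LOG then sits above DROP and the packet is logged before it is dropped
    iptables -I INPUT -m set --match-set abf_ip_blacklist src -j DROP
    iptables -I INPUT -m set --match-set abf_ip_blacklist src -j LOG --log-prefix "[ABF IP Blacklist] "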
I for one choose to block entire countries, like China:
    wget -P /tmp http://www.ipdeny.com/ipblocks/data/countries/cn.zone
    ipset -N abf_china hash:net
    # Add one network per line of the zone file
    while read -r net; do ipset -A abf_china "$net"; done < /tmp/cn.zone
    # DROP first, then LOG, so that LOG ends up above DROP in the chain
    iptables -I INPUT -m set --match-set abf_china src -j DROP
    iptables -I INPUT -m set --match-set abf_china src -j LOG --log-prefix "[ABF China Blacklist] " --log-level 4
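For a list of this size, the country set can also be loaded in one `ipset restore` call, with every line checked first because the zone file arrives over plain HTTP and is fed to `ipset` as root. This is an added example, not from the original post; `build_restore` and the `_tmp` scratch-set suffix are assumed names.

```sh
#!/bin/sh
# Added example (not from the original post). Prints `ipset restore` input
# for the set named in $1, built from the zone file named in $2.
# Apply as root with:  build_restore abf_china /tmp/cn.zone | ipset -exist restore
build_restore() {
    awk -v set="$1" -v tmp="$1_tmp" '
    # Accept a.b.c.d or a.b.c.d/len with octets 0-255 and len 1-32.
    # /0 is rejected: it would match every source address.
    function valid(s,    p, o, n, i) {
        n = split(s, p, "/")
        if (n < 1 || n > 2) return 0
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32)) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    BEGIN {
        # The live set is created only if missing; entries go into a scratch set.
        print "create " set " hash:net"
        print "create " tmp " hash:net"
        print "flush " tmp
    }
    # Strip a trailing CR and surrounding blanks, skip empty and comment lines.
    { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    $0 == "" || /^#/ { next }
    valid($0) { print "add " tmp " " $0; ok++; next }
    { print "skipped line " NR > "/dev/stderr" }
    END {
        # Swap only when at least one valid entry was read, so an empty or
        # garbage download leaves the live set as it was.
        if (ok) print "swap " tmp " " set
        print "destroy " tmp
        exit (ok ? 0 : 1)
    }' "$2"
}
```

Because the iptables rules refer to the set by name, the swap replaces the contents under the existing rules without touching the chain.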