Categories
Operating Systems Programming Security

ipset – Blacklisting large sets

Blacklisting large amounts of IPs, i use this with the iptables “blocked logging” in ABF (AsBraFirewall).

ipset -N abf_ip_blacklist iphash
ipset -A abf_ip_blacklist 1.1.1.1
ipset -A abf_ip_blacklist 2.2.2.2

iptables -I INPUT -m set --match-set abf_ip_blacklist src -j LOG --log-prefix "[ABF IP Blacklist] "
iptables -I INPUT -m set --match-set abf_ip_blacklist src -j DROP

I for one choose to block entire countries, like china:

wget -P /tmp http://www.ipdeny.com/ipblocks/data/countries/cn.zone
ipset -N abf_china hash:net
for i in $(cat /tmp/cn.zone ); do ipset -A abf_china $i; done
iptables -I INPUT -m set --match-set abf_china src -j LOG --log-prefix "[ABF China Blacklist] " --log-level 4
iptables -I INPUT -m set --match-set abf_china src -j DROP

By Nimpen J. Nordström

System Developer and Network Security Enthusiast

Leave a Reply

Your email address will not be published. Required fields are marked *