[ubuntu-hardened] [Secure] Automate IP address banning using ipset and iptables.

Jim Tarvid tarvid at ls.net
Sun Nov 22 12:12:13 UTC 2015


I can point to a partial answer to your question.

https://github.com/trick77/ipset-blacklist

My cron job is not working.

root@helen:/etc/ipset-blacklist# crontab -l
...
@daily /usr/local/bin/update-blacklist

I don't know how to restart iptables short of a reboot.

On Sun, Nov 22, 2015 at 3:41 AM, daniel curtis <sidetripping at gmail.com>
wrote:

>
> Hello,
>
> First things first; I hope that I'm asking my question in
> the right place (I mean this mailing list). Since it is about
> system security etc., I think it is a fine place. If it is not, then
> I'm sorry.
>
> So, I would like to ask about the best method to automate
> IP address banning (port scanning or remote hosts that
> try to connect to - for example - port 25) using "ipset" and
> "iptables".
>
> I know that there are multiple ways to make it right, especially
> with "ipset". So, which of these "ipset" commands are okay
> to create so-called "sets"? Which one should I use?:
>
> 1/ ipset create banned hash:ip hashsize 4096
> 2/ ipset create banned hash:net family inet
> 3/ ipset create banned hash:net
> 4/ ipset -N banned iphash
>
> Generally, I would like to ban IP addresses (also port scanning
> etc.) using "ipset" and "iptables". According to this, which
> type of set[1] is okay in this case: "hash:net", "hash:ip,port"
> or maybe another one?
>
> Also, I will have to create an "iptables" rule which matches against the
> set, right? The key here is to use the "-m set --match-set <name>" option.
> Am I right? For now I will not provide an "iptables"
> rule, because the most important thing is the "ipset" command.
>
> Best regards.
> _____________
> [1] http://ipset.netfilter.org/features.html


-- 

Kindness Works!
Jim Tarvid
12897A Grays Pointe Road, Fairfax, Va 22033-2143
38.87782, -77.39270
703-657-0099 Condo
703-825-8463 Cabin
703-624-5289 Cell
703-594-7297 Google voice
202-753-0025 Tablet
http://ls.net
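
An added example, not part of either message and not code from the ipset-blacklist project: a set that an iptables rule references by name can be refilled in place with "ipset swap", so the rule does not have to be reloaded. The script builds an "ipset restore" file for a hash:net set (which takes single addresses and CIDR ranges) named "banned" as in the question; the "banned-tmp" name, the list path and the sample entries are assumptions.

```shell
#!/bin/sh
# Added example: turn a ban list into an "ipset restore" script.
# "banned" is the set name from the question; "banned-tmp" is an assumed name.
SET=banned

# valid_entry ENTRY: succeed only for a.b.c.d or a.b.c.d/len with len 1..32
# (hash:net cannot store a zero-length prefix).
valid_entry() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# gen_restore: entries on stdin (one per line, "#" comments allowed),
# restore script on stdout, rejected entries reported on stderr.
gen_restore() {
    echo "create $SET hash:net family inet"
    echo "create $SET-tmp hash:net family inet"
    echo "flush $SET-tmp"
    while IFS= read -r line; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if valid_entry "$line"; then
            echo "add $SET-tmp $line"
        else
            echo "skipped invalid entry: $line" >&2
        fi
    done
    echo "swap $SET-tmp $SET"
    echo "destroy $SET-tmp"
}

# Constructed sample input (documentation address ranges).
printf '%s\n' '203.0.113.7' '198.51.100.0/24  # scanner' 'not-an-ip' | gen_restore

# To apply as root (not run here; /etc/banned.list is a hypothetical path):
#   gen_restore < /etc/banned.list | ipset -exist restore
#   iptables -C INPUT -m set --match-set banned src -j DROP 2>/dev/null ||
#       iptables -I INPUT -m set --match-set banned src -j DROP
```

The global "-exist" makes the create lines and any duplicate entries non-fatal on repeated runs, provided an existing "banned" set was created with the same type and options.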