[ubuntu-hardened] [Secure] Automate IP address banning using ipset and iptables.

daniel curtis sidetripping at gmail.com
Sun Nov 22 20:26:53 UTC 2015


Hello Jim,

First of all, thank you very much for the link to the ipset-blacklist
website. It seems quite useful but, to be honest, I want to
make it myself (I mean create the "ipset" and "iptables" etc.)

But there is a very interesting thing in the "update-blacklist"
script: an "ipset" rule. I see that it uses a similar "ipset"
command format (which I mentioned in my first email).
I mean:

* ipset create $BLACKLIST_NAME hash:net family inet hashsize

So, according to this, I will use a similar type of set to create an
"ipset" (but probably without the "-exist" option). If "trick77",
mentioned by you, is used to ban a large number of IP
addresses published in IP blacklists, a "hash:net" set should also be okay
for banning port scanning etc. (of course with the "--tcp-flags"
options in "iptables" rules).

In conclusion: can anyone confirm or deny whether such an "ipset" command
is the right thing in my case? Are such "ipset" sets okay to
use for IP/port scan banning? I mean the "hash:net" set.

Thanks for any information.

Best regards.
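One way to build the hash:net set and the iptables rules the message describes, as an added example that is not code from the post or from the ipset-blacklist project; the set name, the ban timeout, the raw-table placement of the DROP rule and the three flag patterns are assumptions made here:

```shell
#!/bin/sh
# Added example, not code from the post or from ipset-blacklist: one hash:net set
# feeds both a published blacklist and automatic bans of TCP-flag scan probes.
# BLACKLIST_NAME, BAN_TIMEOUT and the chain choices are assumptions for this example.
set -eu

BLACKLIST_NAME="${BLACKLIST_NAME:-blacklist}"
BAN_TIMEOUT="${BAN_TIMEOUT:-86400}"   # seconds an auto-banned source stays banned
DRY_RUN="${DRY_RUN:-1}"               # 1 = print the commands, 0 = execute (needs root)

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# hash:net stores single hosts (as /32) and whole networks in one set, so it
# covers both blacklist CIDRs and individual scanners. "timeout 0" enables
# per-entry timeouts (default: never expire); -exist makes re-runs idempotent.
create_set() {
    run ipset create "$BLACKLIST_NAME" hash:net family inet hashsize 16384 maxelem 65536 timeout 0 -exist
}

# Drop banned sources in raw/PREROUTING, before connection tracking.
drop_rule() {
    run iptables -t raw -I PREROUTING -m set --match-set "$BLACKLIST_NAME" src -j DROP
}

# --tcp-flags MASK COMP: of the flags in MASK, exactly those in COMP must be set.
# Each probe pattern adds its source to the set with a per-entry timeout.
scan_rules() {
    set_target="-j SET --add-set $BLACKLIST_NAME src --timeout $BAN_TIMEOUT"
    run iptables -A INPUT -p tcp --tcp-flags ALL NONE $set_target          # NULL scan
    run iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG $set_target   # XMAS scan
    run iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN $set_target   # SYN+FIN
}

# Load a blacklist file: one IP or CIDR per line, '#' starts a comment.
load_file() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | while read -r net; do
        run ipset add "$BLACKLIST_NAME" "$net" -exist
    done
}

apply_all() { create_set; drop_rule; scan_rules; }

apply_all
```

With the default DRY_RUN=1 the script only prints the ipset/iptables commands; set DRY_RUN=0 and run as root to apply them, and call load_file on a blacklist file to populate the set.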