[ubuntu-hardened] [Secure] Automate IP address banning using ipset and iptables.
daniel curtis
sidetripping at gmail.com
Sun Nov 22 20:26:53 UTC 2015
Hello Jim,
First of all, thank You very much for the link to the ipset-blacklist
website. It seems quite useful but, to be honest, I want to
make it by myself (I mean create the "ipset" and "iptables" rules etc.).
But there is a very interesting thing in the "update-blacklist"
script: an "ipset" rule. I see that a similar "ipset" command
format is used (which I mentioned in my first email).
I mean:
* ipset create $BLACKLIST_NAME hash:net family inet hashsize
So, according to this, I will use a similar type of set to create an
"ipset" (but probably without the "-exist" option). If "trick77",
mentioned by You, is used to ban a large number of IP
addresses published in an IP blacklist, a "hash:net" set should also be okay
for banning port scanning etc. (of course with "--tcp-flags"
options in the "iptables" rules).
In conclusion: can anyone confirm or deny whether such an "ipset" command
is the right thing in my case? Are such "ipset" sets okay to
use for IP/port scan banning? I mean the "hash:net" set.
Thanks for any information.
Best regards.
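As an added example (not part of the original post or of the ipset-blacklist project), this script shows the combination asked about above: one hash:net set that holds both a published blacklist and scanners caught at runtime, a DROP rule matching the set, and "--tcp-flags" rules that feed the set through the iptables SET target. The set name, sizes and ban lifetime are assumptions; DRY_RUN=1 prints the commands instead of running them, since the real ones need root and the ipset/iptables kernel modules.

```shell
#!/bin/sh
# Added example: hash:net blacklist fed by TCP-flag scan signatures.
# Set name, hash sizes and timeout are assumed values, not from the post.
set -eu

BLACKLIST_NAME="${BLACKLIST_NAME:-blacklist}"   # assumed set name
BAN_SECONDS="${BAN_SECONDS:-3600}"              # scanner bans auto-expire

# Execute the command, or print it when DRY_RUN=1 (for review/testing).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# hash:net stores single hosts (as /32) and whole prefixes in one set,
# so a downloaded blacklist and runtime bans can share it. "timeout"
# sets a default entry lifetime; "-exist" makes re-runs idempotent.
create_blacklist() {
    run ipset create -exist "$BLACKLIST_NAME" hash:net family inet \
        hashsize 4096 maxelem 65536 timeout "$BAN_SECONDS"
}

# Published blacklist entries get "timeout 0" so they never expire.
add_entry() {
    run ipset add -exist "$BLACKLIST_NAME" "$1" timeout 0
}

# Drop anything whose source is in the set, ahead of other INPUT rules.
install_drop_rule() {
    run iptables -I INPUT 1 -m set --match-set "$BLACKLIST_NAME" src -j DROP
}

# Flag combinations a normal TCP stack never sends: NULL (no flags),
# XMAS (FIN+PSH+URG) and SYN+FIN. A hit adds the source to the set with
# the default timeout; the DROP rule above then blocks its next packets.
install_scan_rules() {
    for flags in "ALL NONE" "ALL FIN,PSH,URG" "SYN,FIN SYN,FIN"; do
        # $flags is unquoted on purpose: --tcp-flags takes two words.
        run iptables -A INPUT -p tcp --tcp-flags $flags \
            -j SET --add-set "$BLACKLIST_NAME" src --exist
    done
}

apply_all() {
    create_blacklist
    install_drop_rule
    install_scan_rules
}

# Set APPLY=1 to run as root; combine with DRY_RUN=1 to preview first.
if [ "${APPLY:-0}" = "1" ]; then apply_all; fi
```

Netmasks or /32 hosts from a blacklist file can be fed to add_entry one per line; entries added by the SET target keep the set's default timeout, so scanners are released automatically while the published list stays.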