Easily create and administer a blacklist with ipset/iptables

From EN Ikoula wiki
This article has been created by an automatic translation software. You can view the article source here.

Introduction

This article is about setting up and administering a blacklist quickly and efficiently with the tools iptables and ipset.
You will need to have iptables installed.

Creating the blacklist

Here is how to create a list named blacklistv4 that can hold up to 1000000 IPv4 addresses (the default maximum is 65536):

ipset create blacklistv4 hash:ip family inet maxelem 1000000

We then link this list to iptables so that any IP address added to it is banned.
We insert a rule at the very beginning of the INPUT chain to drop packets whose source IPv4 address is in the list blacklistv4:

iptables -I INPUT 1 -m set --match-set blacklistv4 src -j DROP

Using the same procedure, we create a blacklist for IPv6:

ipset create blacklistv6 hash:ip family inet6 maxelem 1000000
ip6tables -I INPUT 1 -m set --match-set blacklistv6 src -j DROP

Use of the blacklist

List the IP addresses present

To list the IP addresses in your blacklist (nom_de_votre_liste stands for the name of your list):

ipset list nom_de_votre_liste

Add an IP address

To add an IP address to your blacklist (adresse_IP stands for the IP address):

ipset add nom_de_votre_liste adresse_IP

/!\ Be careful /!\ to add IPv4 addresses only to the list created for IPv4, and IPv6 addresses only to the list created for IPv6.

Delete an IP address

To remove an IP address from your blacklist:

ipset del nom_de_votre_liste adresse_IP
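
The caution above about matching the address family to the list, as an added example that is not part of the original article: a POSIX shell helper that picks blacklistv4 or blacklistv6 from the address and builds the ipset add or del command. The function names are hypothetical, the set names are the ones created earlier, and the IPv6 check is deliberately coarse because ipset does the strict parsing.

```shell
#!/bin/sh
# Added example: pick the set that matches an address family, then build the
# ipset command. Set names are the article's; function names are hypothetical.

# Print blacklistv4 or blacklistv6 for the address; return 1 if it is neither.
# Bodies use ( ) so variables and IFS changes stay local to each call.
blacklist_set_for() (
    addr=$1
    case $addr in
        *[!0-9.]*|*..*|.*|*.) ;;          # not plain dotted decimal: try IPv6 below
        *.*.*.*.*) return 1 ;;            # more than four octets
        *.*.*.*)
            IFS=.
            for octet in $addr; do
                [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
            done
            echo blacklistv4
            return 0 ;;
    esac
    case $addr in
        *[!0-9A-Fa-f:]*) return 1 ;;      # only hex digits and colons allowed
        *:*) echo blacklistv6 ;;          # coarse check; ipset parses strictly
        *) return 1 ;;
    esac
)

# Print the ipset command for "add" or "del" without running it.
blacklist_cmd() (
    action=$1 addr=$2
    case $action in
        add|del) ;;
        *) echo "unknown action: $action" >&2; return 2 ;;
    esac
    set_name=$(blacklist_set_for "$addr") || {
        echo "not an IP address: $addr" >&2; return 1; }
    # -exist: re-adding a present entry or deleting an absent one is not an error
    echo "ipset -exist $action $set_name $addr"
)

# Run the command for real (needs root and the sets created earlier).
blacklist_apply() (
    cmd=$(blacklist_cmd "$@") || return
    $cmd
)

# Dry run over constructed sample input (documentation-range addresses).
for a in 203.0.113.7 2001:db8::1 300.1.1.1; do
    blacklist_cmd add "$a" || true
done
```

Anything that is not a plain IPv4 or IPv6 address is rejected before a command is built, so input taken from logs or a web form never reaches the ipset command line unvalidated.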



