Re: How to view blacklist ip ?

An example is quite simple:

# Create iptree set to lock bad guys for 5 minutes
ipset -N BAD_GUYS iptree --timeout 300
# to add a bad guy (classified by source IP) into the set
iptables -A SOMEWHERE <your_conditions> -j SET --add-set BAD_GUYS src
# to manually delete a bad guy (classified by source IP) from the set
iptables -A SOMEWHERE <your_conditions> -j SET --del-set BAD_GUYS src
# to view the list content
ipset -L BAD_GUYS
# to check ip in the list
ipset -T BAD_GUYS <ip>
OR
iptables -A SOMEWHERE -m set --set BAD_GUYS src

If you do not need a timeout you may use the iphash set type, or ipmap for
a /16 network.

-- 
Best regards
Anatoly Muliarski
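
Added example, not part of the original message: a small filter for the output of `ipset -L BAD_GUYS` that lists each blacklisted address with the seconds left before it expires, and picks out the entries about to drop off. It assumes the listing layout of current ipset releases (a `Members:` line followed by `<ip> timeout <seconds>` lines); the sample listing, its `hash:ip` type and the function names are constructed for illustration.

```shell
#!/bin/sh
# Summarise an ipset listing read from stdin.
# ASSUMPTION: layout of current ipset releases, where "Members:" is
# followed by one "<ip> timeout <seconds>" line per entry.

# blacklist_entries: print "<seconds-left> <ip>", soonest expiry first.
# Entries without a timeout are printed with "-" and sort to the top.
blacklist_entries() {
    awk '
        /^Members:/ { in_members = 1; next }
        in_members && NF >= 1 {
            left = "-"
            for (i = 2; i < NF; i++) if ($i == "timeout") left = $(i + 1)
            print left, $1
        }
    ' | sort -n
}

# expiring_within SECONDS: addresses that leave the blacklist within SECONDS.
expiring_within() {
    blacklist_entries |
        awk -v max="$1" '$1 != "-" && $1 + 0 <= max { print $2 }'
}

# Constructed sample listing (documentation addresses, not real hosts).
sample_listing() {
cat <<'EOF'
Name: BAD_GUYS
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 300
Size in memory: 312
References: 2
Number of entries: 3
Members:
203.0.113.45 timeout 12
192.0.2.10 timeout 287
198.51.100.7 timeout 141
EOF
}

# Offline demonstration; on a live firewall use: ipset -L BAD_GUYS | blacklist_entries
sample_listing | blacklist_entries
```
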