Re: iptree question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2009/9/8, J. Bakshi <joydeep@xxxxxxxxxxxxxxx>:
> Hello list,
>
> I am opening this new thread as I am working in a new direction with
> ipset ( as many of you suggested ).
>
> The present rules I am using to auto blacklist ips is like below
>
> ````````````````````````````
> iptables -N syn-flood
> iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
> iptables -A syn-flood -p tcp --syn  -m hashlimit \
> --hashlimit 4/sec --hashlimit-burst 4 --hashlimit-htable-expire 300000 \
> --hashlimit-mode srcip --hashlimit-name testlimit -j RETURN
>
> # Drop bad IP and put then in blacklist
> iptables -A syn-flood -m recent --name blacklist --set -j DROP
> `````````````````````````````````
>
> To manage the ips properly I like to save ips  in iptree which is an
> option from ipset. Is there any way to migrate the ips from ipt_recent
> to iptree ?
>
> Or a new way as below  ?
>
> ```````````````````
> ipset --create  blacklistIP   iptree --timeout 3600
>
> iptables   -A PREROUTING    blacklistIP   -j DROP
>
>
> iptables -N syn-flood
> iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
> iptables -A syn-flood -p tcp --syn  -m hashlimit \
> --hashlimit 4/sec --hashlimit-burst 4 --hashlimit-htable-expire 300000 \
> --hashlimit-mode srcip --hashlimit-name testlimit -j RETURN


Then you should insert the follow line:
iptables -A syn-flood -j SET --add-set blacklistIP src

>
> # Drop bad IP
> iptables  -A  syn-flood  -j DROP
>
> # save the src IP
> ipset -N blacklistIP -j SET --add-set src
> ipset -N blacklistIP -j syn-flood
> ``````````````````````
That is the wrong syntax. See above.

Remember, an IP in the blacklist will disappear in an hour after the
last adding into the set.

-- 
Best regards
Anatoly Muliarski
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux