2009/9/8, J. Bakshi <joydeep@xxxxxxxxxxxxxxx>:
> Hello list,
>
> I am opening this new thread as I am working in a new direction with
> ipset (as many of you suggested).
>
> The present rules I am using to auto-blacklist IPs are like below:
>
> ````````````````````````````
> iptables -N syn-flood
> iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
> iptables -A syn-flood -p tcp --syn -m hashlimit \
>   --hashlimit 4/sec --hashlimit-burst 4 --hashlimit-htable-expire 300000 \
>   --hashlimit-mode srcip --hashlimit-name testlimit -j RETURN
>
> # Drop bad IP and put them in blacklist
> iptables -A syn-flood -m recent --name blacklist --set -j DROP
> `````````````````````````````````
>
> To manage the IPs properly I'd like to save the IPs in iptree, which is an
> option from ipset. Is there any way to migrate the IPs from ipt_recent
> to iptree?
>
> Or a new way as below?
>
> ```````````````````
> ipset --create blacklistIP iptree --timeout 3600
>
> iptables -A PREROUTING blacklistIP -j DROP
>
>
> iptables -N syn-flood
> iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
> iptables -A syn-flood -p tcp --syn -m hashlimit \
>   --hashlimit 4/sec --hashlimit-burst 4 --hashlimit-htable-expire 300000 \
>   --hashlimit-mode srcip --hashlimit-name testlimit -j RETURN

Then you should insert the following line:

iptables -A syn-flood -j SET --add-set blacklistIP src

> # Drop bad IP
> iptables -A syn-flood -j DROP
>
> # save the src IP
> ipset -N blacklistIP -j SET --add-set src
> ipset -N blacklistIP -j syn-flood
> ``````````````````````

That is the wrong syntax. See above.

Remember, an IP in the blacklist will disappear an hour after the last addition to the set.

--
Best regards
Anatoly Muliarski
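The complete ruleset the thread is converging on, as an added example that is not part of either mail: it uses the ipset 6.x syntax (hash:ip with a per-entry timeout in place of the older iptree type) and the `-m set --match-set` match that the quoted PREROUTING line was missing; the interface name, thresholds and ban length are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): hashlimit-driven SYN-flood blacklist
# backed by an ipset with a per-entry timeout. IFACE, the rate thresholds and
# BAN_SECONDS are assumptions; hash:ip is the ipset 6.x replacement for iptree.
IFACE="${IFACE:-eth0}"
SET_NAME="${SET_NAME:-blacklistIP}"
BAN_SECONDS="${BAN_SECONDS:-3600}"

# Print the rule set one command per line so it can be reviewed before it is
# applied; nothing on the host changes until the output is executed.
# Rule order matters: the set match sits at the top of INPUT, so a listed host
# never reaches the syn-flood chain again and its entry is not refreshed. It
# therefore expires BAN_SECONDS after the last add, exactly as the reply notes.
# --exist on the SET target resets the timeout when an address is re-added.
blacklist_rules() {
    cat <<EOF
ipset -exist create $SET_NAME hash:ip timeout $BAN_SECONDS
iptables -N syn-flood 2>/dev/null || iptables -F syn-flood
iptables -A syn-flood -p tcp --syn -m hashlimit --hashlimit 4/sec --hashlimit-burst 4 --hashlimit-htable-expire 300000 --hashlimit-mode srcip --hashlimit-name testlimit -j RETURN
iptables -A syn-flood -j SET --add-set $SET_NAME src --exist
iptables -A syn-flood -j DROP
iptables -I INPUT 1 -i $IFACE -m set --match-set $SET_NAME src -j DROP
iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
EOF
}

# Usage: ./blacklist.sh        -> print the rules for review
#        ./blacklist.sh apply  -> run them (needs root, iptables and ipset)
case "${1:-show}" in
    apply) blacklist_rules | sh -e ;;
    *)     blacklist_rules ;;
esac
```

Entries can be inspected at any time with `ipset list blacklistIP`, which shows the remaining timeout of each banned address.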