Anatoly Muliarski wrote:
> 2009/9/8, J. Bakshi <joydeep@xxxxxxxxxxxxxxx>:
>
>> Hello list,
>>
>> I am opening this new thread as I am working in a new direction with
>> ipset (as many of you suggested).
>>
>> The present rules I am using to auto-blacklist IPs are like below:
>>
>> ````````````````````````````
>> iptables -N syn-flood
>> iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
>> iptables -A syn-flood -p tcp --syn -m hashlimit \
>> --hashlimit 4/sec --hashlimit-burst 4 --hashlimit-htable-expire 300000 \
>> --hashlimit-mode srcip --hashlimit-name testlimit -j RETURN
>>
>> # Drop bad IP and put them in blacklist
>> iptables -A syn-flood -m recent --name blacklist --set -j DROP
>> `````````````````````````````````
>>
>> To manage the IPs properly I would like to save them in iptree, which is an
>> option from ipset. Is there any way to migrate the IPs from ipt_recent
>> to iptree?
>>
>> Or a new way as below?
>>
>> ```````````````````
>> ipset --create blacklistIP iptree --timeout 3600
>>
>> iptables -A PREROUTING blacklistIP -j DROP
>>
>>
>> iptables -N syn-flood
>> iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
>> iptables -A syn-flood -p tcp --syn -m hashlimit \
>> --hashlimit 4/sec --hashlimit-burst 4 --hashlimit-htable-expire 300000 \
>> --hashlimit-mode srcip --hashlimit-name testlimit -j RETURN
>>
>
> Then you should insert the following line:
> iptables -A syn-flood -j SET --add-set blacklistIP src
>
>
>> # Drop bad IP
>> iptables -A syn-flood -j DROP
>>
>> # save the src IP
>> ipset -N blacklistIP -j SET --add-set src
>> ipset -N blacklistIP -j syn-flood
>> ``````````````````````
>>
> That is the wrong syntax. See above.
>
> Remember, an IP in the blacklist will disappear an hour after the
> last addition to the set.
>

Hello Anatoly, thanks a lot for your kind guidance on both of my emails. I would like to experiment with the code as you suggest, but I have discovered that ipset is not available in the SUSE 11 repo.
Hence I need to compile it from source, or better, find an .rpm for SUSE 11.

Thanks
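As an added example, not code from the thread, here is the SYN-flood rule set assembled the way Anatoly describes: the ipset is created first, the set match drops already-blacklisted sources, the hashlimit rule lets well-behaved sources RETURN, and everything that falls through is added to the set with the SET target and then dropped. It assumes the ipset 2.x/3.x command syntax of the time (`ipset -N`, `-m set --set name src`; ipset 4 and later spell the match `--match-set`), an iptree set, an interface name in `$IFACE`, and that the blacklist check goes in the filter-table INPUT chain rather than PREROUTING, which is not a filter chain. The `DRY_RUN` switch and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the netfilter thread. Installs an ipset-backed
# SYN-flood blacklist. Assumed: ipset 2.x/3.x syntax, iptree set type,
# interface name in $IFACE (defaults to eth0 here).
IFACE="${IFACE:-eth0}"
SET_NAME="blacklistIP"
TIMEOUT=3600        # seconds an entry survives after its last add

# With DRY_RUN=1 the commands are printed instead of executed, so the
# rule set can be reviewed (or tested) on a box without iptables/ipset.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

setup_syn_blacklist() {
  # The set has to exist before any rule can reference it.
  run ipset -N "$SET_NAME" iptree --timeout "$TIMEOUT"

  # Consult the blacklist first: anything from a listed source is dropped
  # before it reaches the rate limiter.
  run iptables -A INPUT -i "$IFACE" -m set --set "$SET_NAME" src -j DROP

  # Same limiter as in the original rules: 4 SYN/s with a burst of 4 per
  # source IP; sources under the limit RETURN to INPUT.
  run iptables -N syn-flood
  run iptables -A INPUT -i "$IFACE" -p tcp --syn -j syn-flood
  run iptables -A syn-flood -p tcp --syn -m hashlimit \
      --hashlimit 4/sec --hashlimit-burst 4 --hashlimit-htable-expire 300000 \
      --hashlimit-mode srcip --hashlimit-name testlimit -j RETURN

  # Excess SYNs: record the source in the set (SET target), then drop.
  run iptables -A syn-flood -j SET --add-set "$SET_NAME" src
  run iptables -A syn-flood -j DROP
}

teardown_syn_blacklist() {
  # Rules that reference the set must go before the set itself.
  run iptables -D INPUT -i "$IFACE" -m set --set "$SET_NAME" src -j DROP
  run iptables -D INPUT -i "$IFACE" -p tcp --syn -j syn-flood
  run iptables -F syn-flood
  run iptables -X syn-flood
  run ipset -X "$SET_NAME"
}

# Number of commands the setup emits; handy for a quick sanity check.
rule_count() {
  DRY_RUN=1 setup_syn_blacklist | wc -l | tr -d ' '
}

case "${1:-}" in
  apply)    setup_syn_blacklist ;;
  remove)   teardown_syn_blacklist ;;
  show)     DRY_RUN=1 setup_syn_blacklist ;;
esac
```

Run it as `sh syn-blacklist.sh show` to print the rules and `sh syn-blacklist.sh apply` to install them. One consequence of ordering the set match before the limiter is worth knowing: once a source is in the set, its packets are dropped by the INPUT set rule and never reach the SET target again, so nothing refreshes its timer and the entry expires 3600 seconds after the add that put it there, which matches the one-hour lifetime Anatoly mentions.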