This works:

    table ip filter {
        set enemies {
            type ipv4_addr
            flags timeout
            timeout 5m
        }
        chain INPUT {
            type filter hook input priority 0; policy accept;
            iifname ens192 ip saddr @enemies update @enemies { ip saddr }
            iifname ens192 tcp dport { 1-21, 23-24, 26-79 } update @enemies { ip saddr }
            iifname ens192 ip saddr @enemies log drop
        }
    }

First, the set "enemies" is defined with a 5 minute timeout. In the INPUT chain,

- IP addresses already in the set are re-added and their ban is prolonged
- IP addresses trying to open one of the specified ports are newly put into the set
- if the IP source address is in the enemies set, the packet is dropped.

Thank you for your help!

Sig.
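To make the rule ordering and the sliding 5 minute timeout concrete, here is an added Python model of the ruleset above (example code, not part of the post): it evaluates the three INPUT rules in sequence against a constructed packet trace, so you can see that the first probe to a trap port is itself dropped, that any later packet from a banned address (even to an allowed port such as 22) resets the timer, and that the ban lapses 5 minutes after the last packet. The trace addresses and timestamps are made up for the example.

```python
from datetime import datetime, timedelta

# Model of the nftables ruleset in the post: one timed set, three rules in order.
BAN_TIMEOUT = timedelta(minutes=5)          # set enemies { timeout 5m }
# tcp dport { 1-21, 23-24, 26-79 }: 22, 25 and 80 are deliberately left out
TRAP_PORTS = set(range(1, 22)) | {23, 24} | set(range(26, 80))
IFACE = "ens192"


class EnemySet:
    """ipv4_addr set with 'flags timeout': every element expires on its own."""

    def __init__(self):
        self.expiry = {}  # addr -> datetime at which the element disappears

    def contains(self, addr, now):
        exp = self.expiry.get(addr)
        return exp is not None and now < exp

    def update(self, addr, now):
        # 'update @enemies { ip saddr }' adds the element or restarts its timer
        self.expiry[addr] = now + BAN_TIMEOUT


def input_chain(pkt, enemies, now):
    """Verdict for one packet; pkt = (iifname, saddr, proto, dport)."""
    iif, saddr, proto, dport = pkt
    # rule 1: traffic from an already-banned address prolongs the ban
    if iif == IFACE and enemies.contains(saddr, now):
        enemies.update(saddr, now)
    # rule 2: a TCP packet to a trap port bans the sender
    if iif == IFACE and proto == "tcp" and dport in TRAP_PORTS:
        enemies.update(saddr, now)
    # rule 3: the set is checked again, so the offending packet is dropped too
    if iif == IFACE and enemies.contains(saddr, now):
        return "drop"
    return "accept"  # chain policy


def run_trace(trace):
    """Feed (seconds, packet) pairs through the chain; return the verdicts."""
    enemies = EnemySet()
    t0 = datetime(2024, 1, 1)
    return [input_chain(pkt, enemies, t0 + timedelta(seconds=s)) for s, pkt in trace]


# Constructed trace: 198.51.100.7 probes telnet, then keeps its own ban alive
# with SSH attempts; 192.0.2.10 only uses SSH and is never banned.
TRACE = [
    (0,   ("ens192", "198.51.100.7", "tcp", 23)),  # drop: banned by rule 2
    (10,  ("ens192", "192.0.2.10", "tcp", 22)),    # accept: 22 is not a trap port
    (240, ("ens192", "198.51.100.7", "tcp", 22)),  # drop: rule 1 resets the timer
    (539, ("ens192", "198.51.100.7", "tcp", 22)),  # drop: 299 s after the last refresh
    (840, ("ens192", "198.51.100.7", "tcp", 22)),  # accept: ban expired at 839 s
]
```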