Fatih USTA <fatihusta86@xxxxxxxxx> writes:

> You can use sets in nftables like iptables ipset.
> http://wiki.nftables.org/wiki-nftables/index.php/Sets

See also sshguard[1] or fail2ban, for turnkey Intrusion Prevention
Systems (i.e. "block attackers by IP address").

Their nft-specific code is not very interesting:

https://bitbucket.org/sshguard/sshguard/src/master/src/fw/sshg-fw-nft-sets.sh
https://github.com/fail2ban/fail2ban/blob/bb0f732ae69894b22306dd7efa213513e3acd8a2/config/action.d/nftables.conf

[1] don't be fooled by the name; sshguard also handles postfix,
    dovecot, and NCSA (nginx/apache).
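
Added example, not part of the original message and not taken from sshguard or fail2ban: a minimal nftables ruleset that uses named sets the way ipset is used with iptables, with per-element timeouts so blocked addresses expire on their own. The table, chain and set names and the addresses (documentation ranges) are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Constructed example: names (filter, input, blocked4, blocked6) are assumptions.

table inet filter {
    # IPv4 addresses to block. "flags timeout" lets each element carry its
    # own expiry; "timeout 1h" is the default when none is given.
    set blocked4 {
        type ipv4_addr
        flags timeout
        timeout 1h
    }

    # Same for IPv6, since a set holds a single address family.
    set blocked6 {
        type ipv6_addr
        flags timeout
        timeout 1h
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # One rule per family covers every address in the set; adding or
        # removing elements never requires touching the rules themselves.
        ip saddr @blocked4 drop
        ip6 saddr @blocked6 drop
    }
}

# Managing elements at runtime (what an IPS helper script would run):
#   nft add element inet filter blocked4 '{ 192.0.2.10 timeout 10m }'
#   nft add element inet filter blocked6 '{ 2001:db8::10 }'
#   nft list set inet filter blocked4
#   nft delete element inet filter blocked4 '{ 192.0.2.10 }'
```

Load it with `nft -f <file>`; the drop rules sit before any accept rule so that an address added to a set is cut off immediately, including on connections that are already open.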