We built a module for that for our usage (it's open source too). https://github.com/splitice/xt_setset

On Thu, 23 Feb 2023, 10:34 pm Kerin Millar, <kfm@xxxxxxxxxxxxx> wrote:
>
> On Thu, 23 Feb 2023 12:04:44 +0100
> Fourhundred Thecat <400thecat@xxxxxx> wrote:
>
> > Hello,
> >
> > I have an ipset named "PORTSCAN".
> >
> > I allow traffic to legitimate ports, but if any IP tries to access
> > (scan) any other port, I add it to PORTSCAN.
> >
> > The purpose is to protect my hidden services, here in this example
> > listening on 22222:
> >
> >
> > -A INPUT -m set --match-set PORTSCAN src -j DROP
> > ...
> > -A INPUT -p tcp -m tcp --dport 22222 -j ACCEPT
> > ...
> > -A INPUT -j SET --add-set PORTSCAN src --timeout 3600
> >
> >
> > So, now when an IP is already in PORTSCAN, in addition to DROP, I need to
> > update the timeout (reset to 3600 again), so that if the IP continuously
> > tries to scan me, the timeout gets constantly extended/reset.
> >
> > This was possible when I was using the "-m recent" module:
> >
> > -A INPUT -m recent --rsource --name GREYLIST --seconds 3600 --update
> > -j DROP
> >
> > How can I update the timeout of an IP in ipset?
>
> The following option is detailed by iptables-extensions(8).
>
> --exist
>        when adding an entry if it already exists, reset the timeout
>        value to the specified one or to the default from the set
>        definition
>
> --
> Kerin Millar
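As an added illustration (not part of the thread, and not the xt_setset project's code), the script below applies the --exist answer to the original ruleset: a SET rule placed before the DROP refreshes the timeout of an already-listed source, since SET is a non-terminating target. The set name, the 22222 port and the 3600 s timeout come from the original rules; the hash:ip set type, the ordering check and the apply_rules helper are assumptions.

```shell
#!/bin/sh
# Added example: PORTSCAN greylist whose timeout is refreshed on every hit.
# The fragment is emitted in iptables-restore format for review; nothing is
# loaded into the kernel unless apply_rules is run (as root).

SET_NAME="PORTSCAN"
TTL=3600             # seconds, as in the original ruleset
SERVICE_PORT=22222   # the hidden service from the original ruleset

# The set needs timeout support, or --timeout on the SET target is refused.
# hash:ip is an assumption; any set type created with "timeout" works.
create_set_cmd() {
    printf 'ipset create %s hash:ip timeout %s -exist\n' "$SET_NAME" "$TTL"
}

portscan_rules() {
    cat <<EOF
*filter
# Already greylisted source: SET is non-terminating, so refresh the entry
# first (the exist flag resets the timeout instead of failing on a
# duplicate), then drop.
-A INPUT -m set --match-set $SET_NAME src -j SET --add-set $SET_NAME src --exist --timeout $TTL
-A INPUT -m set --match-set $SET_NAME src -j DROP
# Legitimate ports.
-A INPUT -p tcp -m tcp --dport $SERVICE_PORT -j ACCEPT
# Anything else is treated as a probe: greylist the source for TTL seconds
# (the chain policy, not shown here, is expected to drop the packet).
-A INPUT -j SET --add-set $SET_NAME src --timeout $TTL
COMMIT
EOF
}

# Ordering check: the refresh rule must exist and come before the DROP for
# the same set, otherwise listed sources never reach it. Returns 0 if so.
check_refresh_before_drop() {
    rules=$(portscan_rules | grep -v '^#')
    refresh=$(printf '%s\n' "$rules" | grep -n -- "--match-set $SET_NAME src -j SET .*--exist" | cut -d: -f1)
    drop=$(printf '%s\n' "$rules" | grep -n -- "--match-set $SET_NAME src -j DROP" | cut -d: -f1)
    [ -n "$refresh" ] && [ -n "$drop" ] && [ "$refresh" -lt "$drop" ]
}

# Load for real (needs root): create the set, then append the rules.
apply_rules() {
    create_set_cmd | sh && portscan_rules | iptables-restore --noflush
}

create_set_cmd
portscan_rules
```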