Comments on: Iptables Block IP
https://www.rosehosting.com/blog/blocking-abusive-ip-addresses-using-iptables-firewall-in-debianubuntu/
Premium Linux Tutorials Since 2001
Fri, 03 Jun 2022 08:46:43 +0000

By: admin (Wed, 21 Jun 2017 05:39:37 +0000)
https://www.rosehosting.com/blog/blocking-abusive-ip-addresses-using-iptables-firewall-in-debianubuntu/#comment-45809
In reply to Mahon.

You can download the file (CIDR output format) and add all IPs to the blacklist:

# one address or CIDR block per line; -exist makes re-runs idempotent
while read -r IP; do
    sudo ipset -exist add my-blacklist "$IP"
done < CIDR_FILE_NAME.txt
By: Mahon (Wed, 21 Jun 2017 01:42:45 +0000)
https://www.rosehosting.com/blog/blocking-abusive-ip-addresses-using-iptables-firewall-in-debianubuntu/#comment-45808

Johan, thank you for your suggestion on ipset.

I would like to block the IP address by country. I download the free list from https://www.ip2location.com/free/visitor-blocker

Can I know how I can do it using ipset?

By: Johan (Thu, 09 Apr 2015 12:10:20 +0000)
https://www.rosehosting.com/blog/blocking-abusive-ip-addresses-using-iptables-firewall-in-debianubuntu/#comment-44032

If you have many blocked IP addresses, adding them directly to the chain is not a very good idea. This can require quite a lot of CPU to match incoming packets against a couple of thousand blocked IP addresses. A better way is to use "ipset": create a set of IP addresses and add a rule that matches against that set.

This is orders of magnitude faster and can easily handle tens of thousands of blocked IP addresses with no noticeable CPU degradation.
This allows you to use existing blacklists (which have tens of thousands of entries) for your server, for example from ipdeny.com.

For example:

# Create a new set (hash:net stores networks in CIDR notation)
sudo ipset create my-blacklist hash:net

# Add IP addresses to the set
# In reality this will be a loop to read blacklists from a file
sudo ipset add my-blacklist 43.255.0.0/16
sudo ipset add my-blacklist 218.87.0.0/16
# ...
# ...

# Add a rule to drop all packets from addresses in the blacklist
# (no -p tcp, so UDP and ICMP from listed addresses are dropped as well)
sudo iptables -A INPUT -m set --match-set my-blacklist src -j DROP

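The two snippets above (Johan's ipset set plus DROP rule, and admin's loop that feeds a downloaded CIDR list into the set) are the pieces of one procedure. The script below is an added example, not code from the original post or from the commenters, that puts them together the way a practitioner would run it unattended: it validates each line of the list, builds an `ipset restore` script for a temporary set, and swaps that set in atomically so the live blacklist is never empty while a new list loads. It assumes a set called `my-blacklist`, an input file with one IPv4 address or CIDR block per line (`#` comments allowed), and root for the apply step; the sample list at the bottom is constructed for the example and is not a real blocklist. The default `maxelem` of 65536 is too small for a multi-country list, so the create lines raise it.

```shell
#!/bin/sh
# Added example: load a CIDR list into an ipset blacklist safely.
# Assumed: set name "my-blacklist", one IPv4 address or CIDR block per line,
# '#' comments allowed. apply_blacklist needs root, ipset and iptables.

# Return 0 if $1 is a valid IPv4 address or IPv4 CIDR block (a bare address counts as /32).
valid_ipv4_cidr() {
    _addr=${1%/*}
    _prefix=${1#*/}
    [ "$_prefix" = "$1" ] && _prefix=32
    case "$_prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$_prefix" -le 32 ] || return 1
    case "$_addr" in ''|.*|*.|*..*) return 1 ;; esac
    _n=0
    _old_ifs=$IFS
    IFS=.
    for _oct in $_addr; do
        IFS=$_old_ifs
        case "$_oct" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$_oct" -le 255 ] || return 1
        _n=$((_n + 1))
    done
    IFS=$_old_ifs
    [ "$_n" -eq 4 ]
}

# Print the valid entries of list file $1, one per line: strip comments, blank lines
# and CRLF endings; report and skip anything that is not an IPv4 address or CIDR block.
filter_cidrs() {
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%%#*}
        _line=$(printf '%s' "$_line" | tr -d ' \t\r')
        [ -n "$_line" ] || continue
        if valid_ipv4_cidr "$_line"; then
            printf '%s\n' "$_line"
        else
            printf 'skipping invalid entry: %s\n' "$_line" >&2
        fi
    done < "$1"
}

# Emit an `ipset restore` script that fills a temporary set "<name>-tmp" from file $2.
# maxelem is raised above the 65536 default because country lists exceed it.
build_restore() {
    printf 'create %s-tmp hash:net family inet hashsize 4096 maxelem 262144\n' "$1"
    printf 'flush %s-tmp\n' "$1"
    filter_cidrs "$2" | while IFS= read -r _cidr; do
        printf 'add %s-tmp %s\n' "$1" "$_cidr"
    done
}

# Load the list into the temp set, swap it into the live set $1 atomically, then
# install the DROP rule exactly once (-C checks whether the rule already exists).
apply_blacklist() {
    build_restore "$1" "$2" | ipset -exist restore
    ipset -exist create "$1" hash:net family inet hashsize 4096 maxelem 262144
    ipset swap "$1-tmp" "$1"
    ipset destroy "$1-tmp"
    iptables -C INPUT -m set --match-set "$1" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$1" src -j DROP
}

# Constructed sample list (not a real blocklist), in the format the functions expect.
sample_list() {
    cat <<'EOF'
# constructed example; real lists come from ip2location or ipdeny
43.255.0.0/16
218.87.0.0/16
10.0.0.5           # bare address, stored as /32
300.1.1.0/24       # bad octet, skipped
192.168.1.0/33     # bad prefix, skipped
EOF
}

# Usage: sh blacklist.sh /path/to/list.txt  prints the restore script (dry run);
#        APPLY=1 sh blacklist.sh /path/to/list.txt  loads it (as root).
if [ -n "${1:-}" ]; then
    if [ "${APPLY:-0}" = 1 ]; then
        apply_blacklist my-blacklist "$1"
    else
        build_restore my-blacklist "$1"
    fi
fi
```

Run it from cron after re-downloading the list; because the rule references the set by name, `ipset swap` replaces the contents under the running rule without touching iptables, and a malformed line in the download is skipped rather than aborting the whole load.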
By: Keith Sorbo (Thu, 05 Feb 2015 15:37:45 +0000)
https://www.rosehosting.com/blog/blocking-abusive-ip-addresses-using-iptables-firewall-in-debianubuntu/#comment-43951

Great article.

Saved my bacon on a DDoS attack.
