Use IPSet to Block Multiple IPs
Instead of adding each IP address that needs to be blocked to IPTables individually, it is easier to maintain a single blacklist using IPSet and reference it in IPTables.
Install IPSet
    sudo apt-get install ipset
Create the blacklist list
    sudo ipset create blacklist hash:ip hashsize 4096
Tell IPTables to reference the newly created list
    sudo iptables -I INPUT -m set --match-set blacklist src -j DROP
    sudo iptables -I FORWARD -m set --match-set blacklist src -j DROP
Add an IP to the list to test
    sudo ipset add blacklist 192.168.10.10
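
The steps above, extended to load a whole blocklist file at once, as an added example that is not part of the original post: entries are validated, staged in a second set, swapped into `blacklist` atomically, and the DROP rules are inserted only if they are not already present. The staging set name, the one-address-per-line file format and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: stage a blocklist file and swap it into the live set.
SET=blacklist        # set name used on this page
TMP="${SET}-tmp"     # hypothetical staging set name

# Succeed only for a dotted-quad IPv4 address (octets 0-255, no leading zeros).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# stdin: one address per line, '#' comments allowed.
# stdout: commands for `ipset restore`; rejected lines are reported on stderr.
build_restore() {
    echo "create $TMP hash:ip hashsize 4096"
    echo "flush $TMP"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' | LC_ALL=C sort -u |
    while read -r ip; do
        [ -n "$ip" ] || continue
        if is_ipv4 "$ip"; then
            echo "add $TMP $ip"
        else
            echo "skipped invalid entry: $ip" >&2
        fi
    done
}

# Needs root; $1 is the blocklist file. Nothing calls this automatically.
# The live set is replaced in one step, so it is never left half-loaded.
apply_blocklist() {
    ipset create "$SET" hash:ip hashsize 4096 -exist &&
    build_restore < "$1" | ipset restore -exist &&
    ipset swap "$TMP" "$SET" &&
    ipset destroy "$TMP" || return 1
    for chain in INPUT FORWARD; do
        # -C checks for the rule first, so repeated runs do not stack duplicates.
        iptables -C "$chain" -m set --match-set "$SET" src -j DROP 2>/dev/null ||
            iptables -I "$chain" -m set --match-set "$SET" src -j DROP
    done
}
```

Call `apply_blocklist` with the path to the blocklist file as root. Both the set contents and the IPTables rules live in kernel memory, so they are lost on reboot unless saved and restored.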