Tag: ipset

Make IPTables Rules Permanent

/ Yair Krauze / Leave a comment

To make iptables rules permanent, we need to save them to a configuration files and ensure they are restored on each boot. The following assumes that the current rules enabled are those to be made permanent. Save current rules to config file

1
sudo sh -c "iptables-save > /etc/iptables.conf"

Edit /etc/rc.local as root and add the following

1
2
# Load iptables rules from config file
iptables-restore < /etc/iptables.conf

Continue reading →

Use IPSet to Block Multiple IPs

/ Yair Krauze / Leave a comment

Instead of adding individual IP addresses that need to be blocked to IPTables, it is easier to maintain a a single blacklist using IPSet and reference it in IPTables. Install IPSet

1
sudo apt-get install ipset

Create the blacklist list

1
sudo ipset create blacklist hash:ip hashsize 4096

Tell IPTables to reference the newly created list

1
2
sudo iptables -I INPUT -m set --match-set blacklist src -j DROP
sudo iptables -I FORWARD -m set --match-set blacklist src -j DROP

Add an IP to the list to test

1
sudo ipset add blacklist 192.168.10.10

Continue reading →