[ubuntu-hardened] [Secure] Automate IP address banning using ipset and iptables.
daniel curtis
sidetripping at gmail.com
Sun Nov 22 08:41:27 UTC 2015
Hello,
First things first; I hope that I'm asking my question in
the right place (I mean this mailing list). Since it is about
system security etc., I think it is a fine place. If it is not, then
I'm sorry.
So, I would like to ask about the best method to automate
IP address banning (port scanning, or remote hosts that
try to connect to - for example - port 25) using "ipset" and
"iptables".
I know that there are multiple ways to do it right, especially
with "ipset". So, which of these "ipset" commands are okay
for creating so-called "sets"? Which one should I use?
1/ ipset create banned hash:ip hashsize 4096
2/ ipset create banned hash:net family inet
3/ ipset create banned hash:net
4/ ipset -N banned iphash
Generally, I would like to ban IP addresses (also for port scanning
etc.) using "ipset" and "iptables". According to this, which
type of set[1] is okay in this case: "hash:net", "hash:ip,port"
or maybe another one?
Also, I will have to create an "iptables" rule which matches against the
set, right? The key here is to use the "-m set --match-set <name>" option. Am I
right? For now I will not provide the "iptables"
rule, because the most important part is the "ipset" command.
Best regards.
_____________
[1] http://ipset.netfilter.org/features.html
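As an added example (not from the original post or from the ipset project), here is a POSIX sh script that takes the hash:ip style of set from option 1, gives it a timeout so bans expire on their own, pairs it with the "-m set --match-set <name> src" rule mentioned above, and feeds it from iptables LOG lines for port 25 probes. The set name "banned", the LOG prefix "SMTP-PROBE: " and the sample log lines are constructed; by default it only prints the commands it would run.

```shell
#!/bin/sh
# Constructed example, not from the original post. Bans sources seen probing
# TCP/25 by adding them to an ipset that an iptables rule drops from.
# Assumed names: set "banned", iptables LOG prefix "SMTP-PROBE: ".
SET_NAME=${SET_NAME:-banned}
BAN_TTL=${BAN_TTL:-3600}   # seconds an entry stays in the set (ipset timeout)
APPLY=${APPLY:-0}          # 0 = print the commands, 1 = execute them (needs root)

run() {
  if [ "$APPLY" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# One-time setup: hash:ip set with a default timeout, and an INPUT rule that
# drops anything whose source is in the set (-m set --match-set NAME src).
setup_firewall() {
  run ipset create "$SET_NAME" hash:ip family inet hashsize 4096 timeout "$BAN_TTL" -exist
  run iptables -I INPUT 1 -m set --match-set "$SET_NAME" src -j DROP
  # Logging rule that produces the lines parsed below, rate-limited so the
  # probes cannot flood the log.
  run iptables -A INPUT -p tcp --dport 25 --syn -m limit --limit 10/min \
      -j LOG --log-prefix "SMTP-PROBE: "
}

# Add one address to the set; -exist makes a repeat ban refresh the timeout.
ban_ip() {
  run ipset add "$SET_NAME" "$1" timeout "$BAN_TTL" -exist
}

# Read iptables LOG lines on stdin, pull SRC= out of those carrying our prefix
# and DPT=25, and ban each distinct source once.
ban_from_log() {
  grep 'SMTP-PROBE:' | grep 'DPT=25 ' \
    | sed -n 's/.*SRC=\([0-9][0-9.]*\) .*/\1/p' | sort -u \
    | while read -r ip; do ban_ip "$ip"; done
}

# Constructed kernel log lines in the shape iptables LOG emits (fields trimmed).
SAMPLE_LOG='Nov 22 08:41:27 mx kernel: SMTP-PROBE: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP SPT=51234 DPT=25 SYN
Nov 22 08:41:28 mx kernel: SMTP-PROBE: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP SPT=51235 DPT=25 SYN
Nov 22 08:41:29 mx kernel: SSH-OK: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.2 PROTO=TCP SPT=40000 DPT=22 SYN
Nov 22 08:41:30 mx kernel: SMTP-PROBE: IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.2 PROTO=TCP SPT=6000 DPT=25 SYN'

main() {
  setup_firewall
  printf '%s\n' "$SAMPLE_LOG" | ban_from_log
}
main
```

In real use replace the SAMPLE_LOG pipe with `journalctl -kf` or a tail of the kernel log, and run with APPLY=1 as root; the timeout on the set means nothing needs to be done to unban.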