From: "J. Bakshi" <joydeep@infoservices.in>
To: Anatoly Muliarski <x86ever@gmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: iptree question
Date: Tue, 08 Sep 2009 13:32:29 +0530
Message-ID: <4AA60F95.3060501@infoservices.in>
In-Reply-To: <38db14850909080057w6caf2daeq4b287480a07ca2d0@mail.gmail.com>
Anatoly Muliarski wrote:
> 2009/9/8, J. Bakshi <joydeep@infoservices.in>:
>
>> Hello list,
>>
>> I am opening this new thread as I am working in a new direction with
>> ipset (as many of you suggested).
>>
>> The present rules I am using to auto-blacklist IPs are like below:
>>
>> ````````````````````````````
>> iptables -N syn-flood
>> iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
>> iptables -A syn-flood -p tcp --syn -m hashlimit \
>> --hashlimit 4/sec --hashlimit-burst 4 --hashlimit-htable-expire 300000 \
>> --hashlimit-mode srcip --hashlimit-name testlimit -j RETURN
>>
>> # Drop bad IP and put then in blacklist
>> iptables -A syn-flood -m recent --name blacklist --set -j DROP
>> `````````````````````````````````
>>
>> To manage the IPs properly I would like to save them in iptree, which is an
>> option from ipset. Is there any way to migrate the IPs from ipt_recent
>> to iptree?
>>
>> Or a new way as below?
>>
>> ```````````````````
>> ipset --create blacklistIP iptree --timeout 3600
>>
>> iptables -A PREROUTING blacklistIP -j DROP
>>
>>
>> iptables -N syn-flood
>> iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
>> iptables -A syn-flood -p tcp --syn -m hashlimit \
>> --hashlimit 4/sec --hashlimit-burst 4 --hashlimit-htable-expire 300000 \
>> --hashlimit-mode srcip --hashlimit-name testlimit -j RETURN
>>
>
>
> Then you should insert the following line:
> iptables -A syn-flood -j SET --add-set blacklistIP src
>
>
>> # Drop bad IP
>> iptables -A syn-flood -j DROP
>>
>> # save the src IP
>> ipset -N blacklistIP -j SET --add-set src
>> ipset -N blacklistIP -j syn-flood
>> ``````````````````````
>>
> That is the wrong syntax. See above.
>
> Remember, an IP in the blacklist will disappear an hour after the
> last addition to the set.
>
>
Hello Anatoly,
Thanks a lot for your kind guidance on both of my emails. I would like to
experiment with the code as you suggest, but I have discovered that
ipset is not available in the SUSE 11 repo. Hence I need to compile it
from source, or better, find an .rpm for SUSE 11.
Thanks
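As an added example (not code from the thread), a POSIX shell script covering both points raised above: it lists the addresses held in the old ipt_recent "blacklist" table so they can be loaded into the ipset, and it prints the corrected rule order Anatoly gave (set-match DROP first, hashlimit RETURN, SET --add-set, then DROP). The set name blacklistIP, the recent-table name "blacklist", the /proc path and the interface variable are assumptions; all commands are printed rather than executed so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not code from the thread: it lists the addresses held in the
# old ipt_recent "blacklist" table so they can be imported into the ipset, and
# prints the corrected rule order (set-match DROP first, hashlimit RETURN,
# SET --add-set, then DROP).  Commands are printed, not executed, so they can
# be reviewed.  Assumed: set name blacklistIP, recent table "blacklist".

SET_NAME="blacklistIP"
# Kernels 2.6.28+ expose recent tables under xt_recent; older ones use ipt_recent.
RECENT_TABLE="/proc/net/xt_recent/blacklist"

# Read recent-table lines on stdin ("src=A.B.C.D ttl: .. last_seen: ..")
# and print each source address once.
recent_src_ips() {
    sed -n 's/^src=\([0-9][0-9.]*\) .*/\1/p' | sort -u
}

# Turn the addresses read on stdin into "ipset -A" commands for the set.
migrate_cmds() {
    while read -r ip; do
        if [ -n "$ip" ]; then printf 'ipset -A %s %s\n' "$SET_NAME" "$ip"; fi
    done
}

# Corrected rule set.  ipset 2.x/3.x matched with "-m set --set NAME src";
# 4.x+ uses "--match-set", and ipset 6 replaced iptree by "hash:ip timeout".
rule_cmds() {
    iface="${1:-eth0}"
    cat <<EOF
ipset --create $SET_NAME iptree --timeout 3600
iptables -I INPUT -m set --match-set $SET_NAME src -j DROP
iptables -N syn-flood
iptables -A INPUT -i $iface -p tcp --syn -j syn-flood
iptables -A syn-flood -p tcp --syn -m hashlimit --hashlimit 4/sec --hashlimit-burst 4 --hashlimit-htable-expire 300000 --hashlimit-mode srcip --hashlimit-name testlimit -j RETURN
iptables -A syn-flood -j SET --add-set $SET_NAME src
iptables -A syn-flood -j DROP
EOF
}

# Constructed sample of a recent table, used when the real file is absent.
SAMPLE_RECENT='src=192.0.2.7 ttl: 64 last_seen: 4294711226 oldest_pkt: 1 4294711226
src=198.51.100.3 ttl: 55 last_seen: 4294711300 oldest_pkt: 2 4294711200 4294711300'

if [ -r "$RECENT_TABLE" ]; then
    recent_src_ips < "$RECENT_TABLE" | migrate_cmds
else
    printf '%s\n' "$SAMPLE_RECENT" | recent_src_ips | migrate_cmds
fi
rule_cmds "${IFACE:-eth0}"
```

Pipe the printed commands into sh once they look right; because the set-match DROP sits before the syn-flood jump, a blacklisted host's later SYNs never reach the SET target, so an entry expires one hour after its last addition, exactly as described above.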