[pve-devel] Creating of a 2nd blacklist with many blocked IPs
Dietmar Maurer
dietmar at proxmox.com
Mon Oct 27 10:37:41 CET 2014
> Dietmar wrote to me in the forum to do it with ipset. I have read the man page just
> before, but I can't understand how to combine it with the iptables rules that Proxmox
> creates.
I thought about something like this:
#!/bin/bash
# create ipset
ipset create blacklist hash:net family inet hashsize 64 maxelem 64 || true
ipset flush blacklist
# add entries to ipset
ipset add blacklist 1.2.3.4
ipset add blacklist 1.2.3.5
ipset add blacklist 2.3.4.0/24
# iptables setup
iptables -C FORWARD -m set --match-set blacklist src -j DROP || iptables -I FORWARD -m set --match-set blacklist src -j DROP
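
Added example (not part of the original mail): the same ipset/iptables approach extended to a long list, where the set is sized from the number of entries and refilled through a staging set plus `ipset swap` so the live set is never empty or half-loaded. The list file format (one IPv4 address or CIDR network per line, `#` comments) and the staging set name `blacklist-new` are assumptions.

```shell
#!/bin/bash
# Added example, not from the original mail. Assumed list format: one IPv4
# address or CIDR network per line, '#' starts a comment.
SET=blacklist            # set name used in the mail
TMP="${SET}-new"         # hypothetical name for the staging set

# Print the valid, de-duplicated entries of list file $1.
# Prefix /0 is rejected: hash:net cannot store it, and it would match everything.
valid_entries() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" |
    awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ &&
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 &&
        (NF == 4 || ($5 >= 1 && $5 <= 32)) &&
        !seen[$0]++'
}

# Print "ipset restore" input that fills a staging set and swaps it in.
gen_restore() {
    local entries n max=64
    entries=$(valid_entries "$1")
    n=$(printf '%s' "$entries" | grep -c . || true)
    # maxelem: smallest power of two that holds the list (floor 64, as in the mail)
    while [ "$max" -lt "$n" ]; do max=$((max * 2)); done
    echo "create $SET hash:net family inet maxelem $max"
    echo "create $TMP hash:net family inet maxelem $max"
    [ "$n" -eq 0 ] || printf '%s\n' "$entries" | sed "s/^/add $TMP /"
    echo "swap $TMP $SET"
    echo "destroy $TMP"
}

# Load list file $1 into the kernel and make sure the DROP rule exists (needs root).
apply_blacklist() {
    ipset destroy "$TMP" 2>/dev/null || true      # leftover from an aborted run
    # -exist: keep going if $SET already exists; a failed add aborts before the swap
    gen_restore "$1" | ipset -exist restore || return 1
    iptables -C FORWARD -m set --match-set "$SET" src -j DROP 2>/dev/null ||
        iptables -I FORWARD -m set --match-set "$SET" src -j DROP
}

if [ -n "${1:-}" ]; then
    apply_blacklist "$1"
else
    # Dry run on constructed sample input: prints the restore script only.
    gen_restore /dev/stdin <<'EOF'
1.2.3.4
1.2.3.5        # constructed sample entries
2.3.4.0/24
0.0.0.0/0
EOF
fi
```

Run without arguments it only prints the generated restore script; run as root with a list file as the first argument it applies it.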