[pve-devel] Creating of a 2nd blacklist with many blocked IPs

Dietmar Maurer dietmar at proxmox.com
Mon Oct 27 10:37:41 CET 2014


> Dietmar wrote me in the forum, to make it with ipset. I have read the man just
> before but I can't understand how to combine it with the iptables that proxmox
> creates.

I thought about something like this:

#!/bin/bash

# create ipset (maxelem 64 caps the set at 64 entries)
ipset create blacklist hash:net family inet hashsize 64 maxelem 64 || true
ipset flush blacklist

# add entries to ipset
ipset add blacklist 1.2.3.4
ipset add blacklist 1.2.3.5
ipset add blacklist 2.3.4.0/24

# iptables setup
iptables -C FORWARD -m set --match-set blacklist src -j DROP || iptables -I FORWARD -m set --match-set blacklist src -j DROP
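
For a longer blacklist kept in a file, the same set and rule can be rebuilt with `ipset restore` and `swap`, so the live set is never empty while it reloads. This is an added example, not part of the original message; the list file format, the `blacklist-new` temporary set name and the `--apply` argument are assumptions.

```bash
#!/bin/bash
# Added example, not from the original message. SET is the set name used in
# the script above; the "-new" suffix and the list format (one IPv4 address
# or CIDR per line, '#' starts a comment) are assumptions.
SET=blacklist

# Print "ipset restore" input that fills a temporary set and swaps it in.
# Invalid lines are reported on stderr and skipped; duplicates are dropped.
gen_restore() {
    awk -v set="$SET" '
    function valid(e,    p, o, n, i) {
        n = split(e, p, "/")
        if (n > 2) return 0
        # hash:net cannot store a /0 prefix (it would match every source)
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2]+0 < 1 || p[2]+0 > 32)) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i]+0 > 255) return 0
        return 1
    }
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
    $0 == "" { next }
    !valid($0) { print "skipping invalid entry: " $0 > "/dev/stderr"; next }
    !seen[$0]++ { entry[++count] = $0 }
    END {
        # refuse to replace the live set with an empty one (e.g. truncated list)
        if (!count) { print "no valid entries" > "/dev/stderr"; exit 1 }
        max = (count > 64) ? count : 64
        tmp = set "-new"
        printf "create %s hash:net family inet hashsize 64 maxelem %d\n", tmp, max
        for (i = 1; i <= count; i++) printf "add %s %s\n", tmp, entry[i]
        printf "swap %s %s\n", tmp, set
        printf "destroy %s\n", tmp
    }' "$1"
}

# Needs root. The live set is never flushed, so the rule always sees either
# the old list or the new one.
apply_blacklist() {
    local rules
    rules=$(gen_restore "$1") || return 1
    ipset create "$SET" hash:net family inet 2>/dev/null || true  # first run
    ipset destroy "$SET-new" 2>/dev/null || true  # leftover of a failed run
    printf '%s\n' "$rules" | ipset restore -exist || return 1
    iptables -C FORWARD -m set --match-set "$SET" src -j DROP 2>/dev/null ||
        iptables -I FORWARD -m set --match-set "$SET" src -j DROP
}

if [ "${1:-}" = "--apply" ]; then apply_blacklist "$2"; fi
```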



