Securing Your Server using IPset and Dynamic Blocklists

As a dedicated server or Virtual Private Server (VPS) owner, one of the important tasks is to defend against online attacks. In this tutorial I will discuss how to use IPset with dynamic blocklists to better secure your server. IP sets are a framework inside the Linux kernel, administered by the IPset utility. It makes the task of managing large lists of IP addresses in IPTables much easier and more efficient, and can be used on most servers EXCEPT on an OpenVZ VPS.

How can we better secure our servers using IPset? The answer is to take advantage of various IP blocklists maintained by security research companies or groups on the Internet, and deny access to these "bad" IPs and/or subnets.

Continue reading at the original post on my blog:
https://blog.ls20.com/securing-your-server-using-ipset-and-dynamic-blocklists/

Any questions or comments are welcome.

Thanked by 1jar

Comments

  • Neoon (Community Contributor, Veteran)
    edited May 2014

    good stuff, i gonna try that.

  • Falzo (Member)

    give emergingthreats a try? dshield top-list included...
    predefined rules available or perl script for iptables/ipset available too

    http://rules.emergingthreats.net/fwrules/
    http://doc.emergingthreats.net/bin/view/Main/EmergingFirewallRules

  • howardsl2 (Member)
    edited May 2014

    @Falzo said:

    Thanks for the comment. Actually I did mention Emerging Threats in my original post at the last few paragraphs. Maybe I should expand that section to make it more clear to read.

    Thanked by 1Falzo
  • ZEROF (Member)

    Thank for good tutorial, this is what i call a-z information sharing. Well done. Keep the good work.

  • Falzo (Member)

    hwdsl2 said: Actually I did mention Emerging Threats in my original post at the last few paragraphs. Maybe I should expand that section to make it more clear to read.

    yes you're right... sorry I must have missed this part by any means.

    you did mention that ipset is not working on openvz, can you explain this?
    and why do you think ipset is superior to directly using iptables-rules?

    thx for sharing your work and thoughts!

  • howardsl2 (Member)
    edited May 2014

    @Falzo said:

    It seems that the ipset module for netfilter is not implemented by the OpenVZ developers for use in containers. Here are a few links to related information:
    http://lowendtalk.com/discussion/12381/openvz-vs-other-virtualization-offers-ratio
    https://bugzilla.openvz.org/show_bug.cgi?id=2644
    http://wiki.buyvm.net/doku.php/openvz_vs_kvm

    Compared to "vanilla" iptables, using ipset can greatly improve efficiency when filtering hundreds of thousands of IPs/IP networks or IP-Port combinations. Unlike normal iptables chains, which are stored and traversed linearly, IP sets are stored in indexed data structures, making lookups very efficient, even when dealing with large sets. (Source)

    When you have a huge number of rules in iptables, the packet filtering begins to introduce delays and consume more resources due to the processing required. With ipset you can achieve the desired result on a medium-powered VPS without visible speed degradation.

    IPset is also more flexible - according to the manual page an IP set may store IP(v4/v6) addresses, (TCP/UDP) port numbers, IP and MAC address pairs, IP address and port number pairs, etc.

    Thanked by 1Falzo
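Added example, written for this thread and not taken from the original post, the linked blog, or any commenter. It ties together the two technical points above: loading a downloaded blocklist into an IP set (the OP's topic) and referencing that whole set from a single iptables rule instead of one rule per address (howardsl2's efficiency argument). The script converts a feed file into `ipset restore` syntax for a staging set, drops malformed lines so a broken or tampered feed cannot abort the reload halfway, and then swaps the staging set into the live one so the rule never matches against an empty or half-loaded set. The set name `blocklist`, the `_new` staging suffix, the file names and the sample feed contents are all assumptions constructed for the example.

```sh
#!/bin/sh
# Added example, not from the original post or blog.
# Turns a blocklist feed (one IPv4 address or CIDR per line, '#' or ';' comments)
# into an `ipset restore` script for a staging set, then swaps it into the live
# set so the firewall never sees an empty or half-loaded list.
# Assumed names: live set "blocklist", staging set "blocklist_new".
set -eu

# Constructed sample feed (not a real blocklist). It includes lines a careless
# loader would mishandle: comments, a trailing comment, junk, a bad octet, a bad prefix.
write_sample_blocklist() {
    cat > "$1" <<'EOF'
# constructed sample, not a real feed
203.0.113.0/24
198.51.100.7
; another comment style
192.0.2.0/25   # trailing comment
not-an-ip
10.0.0.300
203.0.113.0/33
EOF
}

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_entry() {
    addr="${1%%/*}"
    prefix="${1#*/}"
    [ "$prefix" = "$1" ] && prefix=32        # no '/': single host
    [ "$prefix" -le 32 ] || return 1
    oldifs="$IFS"; IFS=.
    set -- $addr
    IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit ipset restore syntax for the staging set "<setname>_new" on stdout.
# $1 = feed file, $2 = live set name. Invalid lines are silently dropped.
blocklist_to_restore() {
    feed="$1"; staging="${2}_new"
    # hash:net holds single addresses and networks; maxelem sized for large feeds.
    printf 'create %s hash:net family inet hashsize 4096 maxelem 262144\n' "$staging"
    printf 'flush %s\n' "$staging"
    sed -e 's/[#;].*$//' -e 's/[[:space:]]*$//' -e '/^$/d' "$feed" |
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' |
    while IFS= read -r entry; do
        # The regex admits 10.0.0.300 and /33; the octet/prefix check rejects them.
        if valid_ipv4_entry "$entry"; then
            printf 'add %s %s\n' "$staging" "$entry"
        fi
    done
}

# Load the staging set and swap it live. Needs root plus the ipset and iptables
# tools, so it is called explicitly (e.g. from cron after fetching the feed),
# never by the stand-alone demo below.
apply_blocklist() {
    restore_file="$1"; setname="$2"
    ipset create "$setname" hash:net family inet hashsize 4096 maxelem 262144 -exist
    ipset -exist restore < "$restore_file"    # -exist tolerates a leftover staging set
    ipset swap "${setname}_new" "$setname"    # atomic: old contents become the staging set
    ipset destroy "${setname}_new"
    # One rule references the whole set; the -C check makes re-runs idempotent.
    iptables -C INPUT -m set --match-set "$setname" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$setname" src -j DROP
}

# Stand-alone run: build the restore script from the constructed sample and print it.
demo() {
    base="${TMPDIR:-/tmp}/blocklist.$$"
    write_sample_blocklist "$base.txt"
    blocklist_to_restore "$base.txt" blocklist
    rm -f "$base.txt"
}
demo
```

Run as-is it only prints the generated restore script (a `create`, a `flush`, and three `add` lines; the junk, bad-octet and bad-prefix lines are dropped). On a real host you would write that output to a file and call `apply_blocklist file blocklist` as root; the swap-then-destroy step is what keeps the single `--match-set` rule valid during every refresh.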
  • Nice article, thanks for the information.