Using ipset

0crap edited this page Oct 18, 2017 · 196 revisions

Since ipset feature has been implemented. This is a Netfilter extension which should be able to:

  • store multiple IP addresses and/or port numbers and match against a filter list using iptables
  • dynamically update iptables rules against IP addresses or ports without a significant performance penalty
  • express complex IP address and port based rulesets with one single iptables rule and benefit from the speed of IP sets.

NOTE: For more documentation about the various commands using the ipset utility, please visit this link

Ipset Version and Router Models

Newer router has ipset version 6 while older routers has ipset version 4 , ipset cant just be updated as a normal application it relies heavily on the kernel so please consult the chart below to see your ipset version.

Routers Ipset 4 Ipset 6
RT-N66U x
RT-AC56U x
RT-AC66U x
RT-AC66U_B1 x
RT-AC68U x
RT-AC68P x
RT-AC87U x
RT-AC88U x
RT-AC3100 x
RT-AC3200 x
RT-AC5300 x

Ipset Scripts

Note: The script with maintainers are linked in the chart to their respective installation instructions there on the wiki, within those instructions you will find information on how to install and where to get support. The Peerguardian scripts are considered legacy. Only use those if your router supports ipset version 4 and your capable to manage on your own, if you don't then consider using the iblocklist-loader instead it supports both ipset versions and have an active maintainer.

There is a full list of script that are maintained by users, most of the scripts are have various functions for blocking connections please read the description carefully before installing any of these scripts, not all scripts have maintainers and getting support on those scripts can be tricky.

ATTENTION: Scripters, feel free to append to this list and then link installation instructions on the installation instructions page, please dont add full scripts to that page cause it gets messy "keep it light".

Scriptname Ipset Version Maintained by Description
MatchIP Utility 4,6 redhat27 Search ipsets for a specific IP
Tor and Countries Block 4,6 redhat27 Blocks Tor nodes or countries
iblocklist-loader 4,6 redhat27 Block or allow using any list from iblocklist
Skynet - Firewall Addition 6 Adamm Dynamic Malware/Country/Manual IP Blocking
Dynamically Ban Malicious IP's 6 Martineau N/A
Peerguardian v1 4 Peerguardian
Peerguardian v2 4 Peerguardian
Peerguardian v3 4 Peerguardian
Disable Windows 10 Tracking 4 Blocks Telemetry
Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.