Dos

From Halfface
Revision as of 11:18, 16 May 2026 by Ekaanbj (talk | contribs) (Created page with "=find attackers= grep -F '/wiki/index.php?days=' /var/log/httpd/halfface.se.access.ssl.log | awk '{print "add blocklist " $1 "/32"}' | sort -n | uniq > /tmp/ips_$(date_file).txt =Remove iptables rule that uses ipset list if it already exists= sudo iptables -D INPUT -m set --match-set blocklist src -j DROP =Remove ipset list= sudo ipset destroy blocklist =ipset create list= sudo ipset create blocklist hash:net hashsize 2097152 maxelem 4000000 -exist =Feed ipset list=...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

find attackers

grep -F '/wiki/index.php?days=' /var/log/httpd/halfface.se.access.ssl.log | awk '{print "add blocklist " $1 "/32"}' | sort -n | uniq > /tmp/ips_$(date_file).txt

Remove iptables rule that uses ipset list if it already exists

sudo iptables -D INPUT -m set --match-set blocklist src -j DROP

Remove ipset list

sudo ipset destroy blocklist

ipset create list

sudo ipset create blocklist hash:net hashsize 2097152 maxelem 4000000 -exist

Feed ipset list

cat /tmp/ips_2026-05-16_12-36-28.txt | sudo ipset restore -exist

Use list in iptables

sudo iptables -I INPUT -m set --match-set blocklist src -j DROP
Retrieved from "https://halfface.se/wiki/index.php?title=Dos&oldid=16645"