find attackers

grep -F '/wiki/index.php?days=' /var/log/httpd/halfface.se.access.ssl.log | awk '{print "add blocklist " $1 "/32"}' | sort -n | uniq > /tmp/ips_$(date_file).txt

Remove iptables rule that uses ipset list if it already exists

sudo iptables -D INPUT -m set --match-set blocklist src -j DROP

Remove ipset list

sudo ipset destroy blocklist

ipset create list

sudo ipset create blocklist hash:net hashsize 2097152 maxelem 4000000 -exist

Feed ipset list

cat /tmp/ips_2026-05-16_12-36-28.txt | sudo ipset restore -exist

Use list in iptables

sudo iptables -I INPUT -m set --match-set blocklist src -j DROP

Dos

Contents

find attackers

Remove iptables rule that uses ipset list if it already exists

Remove ipset list

ipset create list

Feed ipset list

Use list in iptables

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools