
ipset-firewall's Introduction

ipset-firewall

Block or allow large IP pools of countries using ipset.

Why ipset-firewall

Simply because ipset is just designed for it.

Just take a look at the picture below. You can clearly see that using only iptables is a pain for your system.

[image]

How it works

The purpose of ipsetfw is automation. You just give it a yaml file, set up a cron job and go watch a movie or something.

It works like this:

It takes a list of IPs, either by fetching it from GitHub for the country code you provided, or from a list of IP networks you passed to the binary.

After that, it creates an ipset set and, if you choose, also adds the required iptables rule for it.

Next time you run the same command, it will clear everything and start again from scratch. So, it will:

  • Take an IP list
  • Create a set and add IPs to it
  • Set up iptables rules (optional)
  • Repeat
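
The same steps done by hand, as an added example (not ipsetfw's own code): a shell function that checks a list and turns it into `ipset restore` input. It assumes one IPv4 address or network per line, a `hash:net` set and a source-address match, none of which the page states; `list.txt` is a hypothetical file name.

```shell
# Return 0 if $1 is a well-formed IPv4 address or CIDR with prefix 1..32.
valid_cidr() {
    case $1 in
        */*) ip=${1%/*}; prefix=${1##*/} ;;
        *)   ip=$1; prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    # Refuse /0: a single such entry would match every source address.
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    case $ip in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print `ipset restore` input for set $1 built from list file $2.
# Bad lines go to stderr and are skipped. If no valid entry is found,
# nothing is printed and 1 is returned, so an empty or broken download
# never flushes a set that is currently in use.
gen_restore() {
    set_name=$1 list=$2 adds= count=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                   # strip comments
        line=$(printf '%s' "$line" | tr -d '[:space:]')    # strip whitespace
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            adds="${adds}add $set_name $line
"
            count=$((count + 1))
        else
            echo "skipped: $line" >&2
        fi
    done < "$list"
    [ "$count" -gt 0 ] || return 1
    printf 'create %s hash:net family inet\nflush %s\n%s' \
        "$set_name" "$set_name" "$adds"
}

# Usage (as root; assumes the IPSET_FW chain already exists):
#   gen_restore ir-block list.txt > /tmp/ir-block.restore &&
#       ipset restore -exist < /tmp/ir-block.restore
#   iptables -t filter -I IPSET_FW 1 -m set --match-set ir-block src -j DROP
```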

Usage

There are two ways of using ipsetfw: either you pass arguments on the CLI, which is a bit limited, or you give it a yaml file for more options.

CLI

You can use ipsetfw -help to see the options and usage examples.

Create a set from the Iran IP pool and block IPs from Iran by adding an iptables rule:

ipsetfw -country IR -set set -iptables -policy drop

Fetch from GitHub and export the Iran IP pool:

ipsetfw -country ir -export -file /tmp/list-export.txt -v

Create a set of the Iran IP pool from a file and accept IPs from Iran:

ipsetfw -country IR -set set -iptables -policy accept -file /tmp/list-export.txt

Config file

You can use a yaml config file with more options. Here's an example:

defaultChain: IPSET_FW

rules:
  - country: ir
    set: ir-block
    iptables:
      policy: drop
      insert: 1

  - file:
    - /tmp/US-list.txt
    - /tmp/DE-list.txt
    country: us
    set: us-block
    iptables:
      policy: drop
      insert: 2
      chain: "IPSET_FW"
      table: "filter"

As you can see, you can give only a country code to fetch the list of IPs from GitHub.

Or you can pass your own files to ipsetfw to create a set with multiple countries, or even add your own IPs.

You can completely omit the iptables section. In that case, ipsetfw will not take care of iptables rules for you.

Clear changes

If you want to clear everything set up by the config file, just run:

ipsetfw -config ipsetfw.yml -clear -v

ipset-firewall's People

Contributors

sabershahhoseini
