\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP<\/p>\n
\u5b89\u88dd ipset<\/p>\n
yum install ipset<\/pre>\n\u65b0\u589e\u898f\u5247\u914d\u5b9c\u7f6e\u6a94 : block_ip => \u4ee5 ip \u578b\u5f0f\u7684\u9ed1\u540d\u55ae<\/p>\n
ipset create block_ip hash:ip hashsize 4096<\/pre>\n\u8aaa\u660e : hash:ip \u5373\u662f\u8a2d\u5b9a\u70ba ip \u578b\u5f0f<\/p>\n
\u65b0\u589e\u898f\u5247\u914d\u5b9c\u7f6e\u6a94 : block_net => \u4ee5 net \u578b\u5f0f\u7684\u9ed1\u540d\u55ae<\/p>\n
ipset create block_net hash:net hashsize 4096<\/pre>\n\u8aaa\u660e : hash:net \u5373\u662f\u8a2d\u5b9a\u70ba net \u578b\u5f0f<\/p>\n
\u65b0\u589e ip \u5230\u6e05\u55ae<\/p>\n
ipset add block_ip 172.245.110.180<\/pre>\n\u65b0\u589e\u4e00\u7db2\u6bb5\u5230\u6e05\u55ae<\/p>\n
ipset add block_net 191.96.249.0\/24<\/pre>\n\u65b0\u589e\u5728 iptable \u898f\u5247<\/p>\n
iptables -I INPUT -m set --match-set block_ip src -j DROP\r\niptables -I INPUT -m set --match-set block_net src -j DROP<\/pre>\n\u5982\u679c\u662f\u8981\u7576\u767d\u540d\u55ae , \u5728 set \u5f8c\u52a0\u4e00\u500b ! \u5373\u53ef.<\/p>\n
iptables -I INPUT -m set ! --match-set white_net src -j DROP<\/pre>\nipset \u8aaa\u660e :<\/p>\n
1.\u5efa\u7acb\u4e00\u500b\u914d\u7f6e\u6a94<\/p>\n
ipset create \u540d\u55ae hash:\u578b\u614b,Port maxelem 1000000<\/pre>\n\u578b\u614b :\u00a0 ip \u548c net
\nPort : \u6307\u5b9a\u7684 Port (\u53ef\u7701\u7565) \u524d\u9762\u9700\u52a0\u9017\u865f \u3010,\u3011
\nmaxelem :\u00a0\u9810\u8a2d\u53ef\u4ee5\u5132\u5b5865536\u500b\u5143\u7d20\uff0c\u4f7f\u7528maxelem\u6307\u5b9a\u6578\u91cf(\u53ef\u7701\u7565)<\/p>\n2.\u6aa2\u8996\u5df2\u5efa\u7acb\u7684 ipset<\/p>\n
ipset list\r\nipset list \u540d\u55ae<\/pre>\n3.\u52a0\u5165\u540d\u55ae\u5167<\/p>\n
ipset add \u540d\u55ae ip(net)<\/pre>\n3.\u5f9e\u540d\u55ae\u79fb\u9664<\/p>\n
ipset del \u540d\u55ae ip(net)<\/pre>\n4.\u5c07ipset \u540d\u55ae\u5132\u5b58\u5230\u6587\u4ef6<\/p>\n
ipset save \u540d\u55ae -f \u6a94\u540d.txt<\/pre>\n5.\u522a\u9664 ipset \u898f\u5247\u540d\u55ae
\n<\/strong><\/p>\nipset destroy #\u522a\u9664\u6240\u6709\u540d\u55ae\r\nipset destroy \u540d\u55ae #\u522a\u9664\u55ae\u4e00\u540d\u55ae<\/pre>\n6.\u532f\u5165 ipset \u898f\u5247
\n<\/strong><\/p>\nipset restore -f \u6a94\u540d.txt<\/pre>\n7.\u81ea\u52d5\u904e\u671f<\/p>\n
ipset add \u540d\u55ae ip timeout 100<\/pre>\n8.\u91cd\u65b0\u6307\u5b9a\u5230\u671f\u6642\u9593 , \u9700\u52a0\u00a0-exist<\/p>\n
ipset -exist add \u540d\u55ae ip timeout 100<\/pre>\n9.\u6e05\u7a7a\u898f\u5247<\/p>\n
ipset flush #\u6e05\u7a7a\u6240\u6709\u540d\u55ae\r\nipset flush \u540d\u55ae #\u6e05\u7a7a\u55ae\u4e00\u540d\u55ae<\/pre>\n\u53c3\u8003\u8cc7\u6599 :
\nhttps:\/\/fixatom.com\/block-ip-with-ipset\/<\/a>
\nhttps:\/\/tw.saowen.com\/a\/e1dbc5e061b224c07fffc36ba1ea16861f3a6116dfd2d8ef82e0a07aacde8509<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-97","post","type-post","status-publish","format-standard","hentry","category-linux-","entry"],"yoast_head":"\n
\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP - oo7's World<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.nickyoo7.com\/?p=97\" \/>\n<meta property=\"og:locale\" content=\"zh_TW\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP - oo7's World\" \/>\n<meta property=\"og:description\" content=\"\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.nickyoo7.com\/?p=97\" \/>\n<meta property=\"og:site_name\" content=\"oo7's World\" \/>\n<meta property=\"article:published_time\" content=\"2018-10-19T01:37:50+00:00\" \/>\n<meta name=\"author\" content=\"oo7\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005:\" \/>\n\t<meta name=\"twitter:data1\" content=\"oo7\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u4f30\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.nickyoo7.com\\\/?p=97#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.nickyoo7.com\\\/?p=97\"},\"author\":{\"name\":\"oo7\",\"@id\":\"https:\\\/\\\/www.nickyoo7.com\\\/#\\\/schema\\\/person\\\/2ab2a209159a41a5c551869792fd0367\"},\"headline\":\"\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP\",\"datePublished\":\"2018-10-19T01:37:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.nickyoo7.com\\\/?p=97\"},\"wordCount\":61,\"articleSection\":[\"Linux \u6280\u8853\u8cc7\u6599\"],\"inLanguage\":\"zh-TW\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.nickyoo7.com\\\/?p=97\",\"url\":\"https:\\\/\\\/www.nickyoo7.com\\\/?p=97\",\"name\":\"\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP - oo7's World\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.nickyoo7.com\\\/#website\"},\"datePublished\":\"2018-10-19T01:37:50+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.nickyoo7.com\\\/#\\\/schema\\\/person\\\/2ab2a209159a41a5c551869792fd0367\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.nickyoo7.com\\\/?p=97#breadcrumb\"},\"inLanguage\":\"zh-TW\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.nickyoo7.com\\\/?p=97\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.nickyoo7.com\\\/?p=97#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/www.nickyoo7.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.nickyoo7.com\\\/#website\",\"url\":\"https:\\\/\\\/www.nickyoo7.com\\\/\",\"name\":\"oo7's World\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.nickyoo7.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-TW\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.nickyoo7.com\\\/#\\\/schema\\\/person\\\/2ab2a209159a41a5c551869792fd0367\",\"name\":\"oo7\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-TW\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e2ffdb3c64d0daa8a28af5806bcb94e283c27974a48761397038108203287e0d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e2ffdb3c64d0daa8a28af5806bcb94e283c27974a48761397038108203287e0d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e2ffdb3c64d0daa8a28af5806bcb94e283c27974a48761397038108203287e0d?s=96&d=mm&r=g\",\"caption\":\"oo7\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP - oo7's World","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.nickyoo7.com\/?p=97","og_locale":"zh_TW","og_type":"article","og_title":"\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP - oo7's World","og_description":"\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP","og_url":"https:\/\/www.nickyoo7.com\/?p=97","og_site_name":"oo7's World","article_published_time":"2018-10-19T01:37:50+00:00","author":"oo7","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005:":"oo7","\u9810\u4f30\u95b1\u8b80\u6642\u9593":"1 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.nickyoo7.com\/?p=97#article","isPartOf":{"@id":"https:\/\/www.nickyoo7.com\/?p=97"},"author":{"name":"oo7","@id":"https:\/\/www.nickyoo7.com\/#\/schema\/person\/2ab2a209159a41a5c551869792fd0367"},"headline":"\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP","datePublished":"2018-10-19T01:37:50+00:00","mainEntityOfPage":{"@id":"https:\/\/www.nickyoo7.com\/?p=97"},"wordCount":61,"articleSection":["Linux \u6280\u8853\u8cc7\u6599"],"inLanguage":"zh-TW"},{"@type":"WebPage","@id":"https:\/\/www.nickyoo7.com\/?p=97","url":"https:\/\/www.nickyoo7.com\/?p=97","name":"\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP - oo7's World","isPartOf":{"@id":"https:\/\/www.nickyoo7.com\/#website"},"datePublished":"2018-10-19T01:37:50+00:00","author":{"@id":"https:\/\/www.nickyoo7.com\/#\/schema\/person\/2ab2a209159a41a5c551869792fd0367"},"breadcrumb":{"@id":"https:\/\/www.nickyoo7.com\/?p=97#breadcrumb"},"inLanguage":"zh-TW","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.nickyoo7.com\/?p=97"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.nickyoo7.com\/?p=97#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/www.nickyoo7.com\/"},{"@type":"ListItem","position":2,"name":"\u5229\u7528 iptable + ipset \u5c01\u9396\u5927\u91cf IP"}]},{"@type":"WebSite","@id":"https:\/\/www.nickyoo7.com\/#website","url":"https:\/\/www.nickyoo7.com\/","name":"oo7's World","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.nickyoo7.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-TW"},{"@type":"Person","@id":"https:\/\/www.nickyoo7.com\/#\/schema\/person\/2ab2a209159a41a5c551869792fd0367","name":"oo7","image":{"@type":"ImageObject","inLanguage":"zh-TW","@id":"https:\/\/secure.gravatar.com\/avatar\/e2ffdb3c64d0daa8a28af5806bcb94e283c27974a48761397038108203287e0d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e2ffdb3c64d0daa8a28af5806bcb94e283c27974a48761397038108203287e0d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e2ffdb3c64d0daa8a28af5806bcb94e283c27974a48761397038108203287e0d?s=96&d=mm&r=g","caption":"oo7"}}]}},"_links":{"self":[{"href":"https:\/\/www.nickyoo7.com\/index.php?rest_route=\/wp\/v2\/posts\/97","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nickyoo7.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nickyoo7.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nickyoo7.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nickyoo7.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=97"}],"version-history":[{"count":1,"href":"https:\/\/www.nickyoo7.com\/index.php?rest_route=\/wp\/v2\/posts\/97\/revisions"}],"predecessor-version":[{"id":98,"href":"https:\/\/www.nickyoo7.com\/index.php?rest_route=\/wp\/v2\/posts\/97\/revisions\/98"}],"wp:attachment":[{"href":"https:\/\/www.nickyoo7.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=97"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nickyoo7.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=97"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nickyoo7.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=97"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}