CentOS / RHEL: Install ipset Administration Tool For IP Sets and IPTables


First turn on EPEL repo and type the following yum command:
# yum install ipset
Sample outputs:

Loaded plugins: auto-update-debuginfo, protectbase, rhnplugin
0 packages excluded due to repository protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ipset.x86_64 0:6.11-1.el6 will be installed
--> Processing Dependency: libmnl.so.0(LIBMNL_1.0)(64bit) for package: ipset-6.11-1.el6.x86_64
--> Processing Dependency: libmnl.so.0()(64bit) for package: ipset-6.11-1.el6.x86_64
--> Running transaction check
---> Package libmnl.x86_64 0:1.0.3-4.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
 Package       Arch          Version             Repository                   Size
 ipset         x86_64        6.11-1.el6          rhel-x86_64-server-6         61 k
Installing for dependencies:
 libmnl        x86_64        1.0.3-4.el6         epel                         22 k
Transaction Summary
Install       2 Package(s)
Total download size: 82 k
Installed size: 46 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): ipset-6.11-1.el6.x86_64.rpm                          |  61 kB     00:00
(2/2): libmnl-1.0.3-4.el6.x86_64.rpm                        |  22 kB     00:00
Total                                              172 kB/s |  82 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : libmnl-1.0.3-4.el6.x86_64                                       1/2
  Installing : ipset-6.11-1.el6.x86_64                                         2/2
  Verifying  : libmnl-1.0.3-4.el6.x86_64                                       1/2
  Verifying  : ipset-6.11-1.el6.x86_64                                         2/2
  ipset.x86_64 0:6.11-1.el6
Dependency Installed:
  libmnl.x86_64 0:1.0.3-4.el6


Type the following commands:

 ## create ip set called badips (-N)    ##
## Uses a hash to  store IP  host  addresses or  network ## 
## addresses. Zero valued IP address cannot be stored    ##
## in a iphashtype of set. ##
ipset -N badips iphash
## add IP address ##
ipset -A badips
ipset -A badips
## drop all ip address stored in ipset called badips ##
iptables -A INPUT -m set --set badips src -j DROP

The recommended syntax is as follows:
# ipset create myblacklist hash:ip hashsize 4096
# iptables -A INPUT -m set --set myblacklist src -j DROP

Now, you can add IP address as follows:
# ipset add myblacklist
# ipset add myblacklist
# ipset add myblacklist

Was this answer helpful?

 Print this Article

Also Read

How to add disks to LVM volume on Linux

How to add disks to LVM volume on LinuxThe biggest advantage of LVM over traditional disk...

Install Cloud Linux on Cpanel Server

Install Cloud Linux On Cpanel ServerIt is easy to switch server from CentOS 5.x, 6.x or 7.x to...

How to Setup network on centos 7

How to Setup network on centos 7After installing Centos 7, You may not able to connect network in...

10 UNIX Command Line Mistakes

Here are a few mistakes that I made while working at UNIX prompt. Some mistakes caused me a good...

How to Install Tomcat 7.0.82 Server on CentOS/RHEL 7/6/5

Apache Tomcat is a open source web server for Java application of Apache Foundation like Apache...