In order to drop traffic to-from banned networks or IP addresses,
use IP sets in the raw table of netfilter.
If you want to change a set without disturbing your existing
iptables rules, simply swap it with the new set:
# Create the new set and add the entries to it
ipset -N new-set ....
ipset -A new-set ....
...
# Swap the old and new sets
ipset -W old-set new-set
# Get rid of the old set, which is now under new-set
ipset -X new-set
All the documentation on this site is released under
the GNU/GPL license
terms.
All the documentation on this site is released under
the GNU/GPL license
terms.
