Sanction, my little script for on the fly blocking of an entire ip set belonging to a specific country, has been updated to include ipset support if ipset is installed.



There’s still a few items on the wish list for this. Correct chaining in iptables for servers without ipset, setting up a clear and logical way to persist the ipset rules through a reboot, etc. For now, if you are looking for a quick and easy way to ban a country from accessing a port (or all ports) on your server, with iptables or ipset, sanction may be what you are looking for.

Category: iptables

Leave a Reply


gives good tech
Kale is one of the smartest people I know

Racker Hacker
Major is always good for leet deetz