Date created: Tuesday, May 21, 2013 1:32:45 PM. Last modified: Wednesday, June 23, 2021 8:40:03 AM

ipset

This is on Debian 7; ipset on Debian 6 is "tricky".

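# Install the ipset userspace tool and the module source packages, then let
# module-assistant set up the kernel build environment.
# NOTE(review): the original line read "ipset-souce", which is a typo and makes
# apt-get abort the whole install; confirm that ipset-source is actually
# packaged for your release before relying on it.
sudo apt-get install ipset ipset-source xtables-addons-source
sudo module-assistant prepare
# may need: apt-get install "linux-headers-$(uname -r)"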

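# Start from a clean slate. With no set name, "destroy" removes every set on
# the host, not just the ones created below; a set that an iptables rule still
# references is not destroyed, so delete such rules first.
/usr/sbin/ipset destroy

# List what is left to confirm the result. The original used /usr/bin/ipset
# here; every other command on this page uses /usr/sbin/ipset, so the path is
# aligned with them (check "command -v ipset" if your system differs).
/usr/sbin/ipset list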

# One hash:net set per provider, each holding the source prefixes that
# provider is allowed to send from. The prefixes look like placeholders;
# substitute the real ranges.
ipset_bin=/usr/sbin/ipset

# ISP1: created without explicit options.
"$ipset_bin" create ISP1 hash:net
for net in 1.1.1.0/24 2.2.2.0/24; do
  "$ipset_bin" add ISP1 "$net"
done

# ISP2: same set type with family, hash size and element limit spelled out.
"$ipset_bin" create ISP2 hash:net family inet hashsize 1024 maxelem 65536
for net in 3.3.3.0/24 4.4.4.0/24; do
  "$ipset_bin" add ISP2 "$net"
done

# ISP3: a single prefix.
"$ipset_bin" create ISP3 hash:net family inet hashsize 1024 maxelem 65536
"$ipset_bin" add ISP3 5.5.5.0/24


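# Accept SIP (UDP/5060) only when the source address is in one of the
# per-provider sets. Each set must already exist when its rule is added.
#
# Fixes against the original lines:
#   - "/sbin/iptables-A" was missing the space before -A, so the second and
#     third rules were never installed (no such command).
#   - those two rules matched sets named "talktalk" and "three", which this
#     page never creates; they now match ISP2 and ISP3, as their comments say.
#
# -A appends to the end of INPUT: the rules only help if no earlier rule has
# already dropped the packet, and they only restrict anything if a later rule
# or the chain policy drops SIP from everyone else.
# A source-address match on UDP does not authenticate the sender, so keep SIP
# authentication enabled on the service as well.
# Neither the sets nor the rules survive a reboot unless they are saved and
# restored (ipset save / iptables-save), with the sets restored first.
/sbin/iptables -A INPUT -p udp -m set --match-set ISP1 src -m udp --dport 5060 -m comment --comment "Allow ISP1 SIP" -j ACCEPT
/sbin/iptables -A INPUT -p udp -m set --match-set ISP2 src -m udp --dport 5060 -m comment --comment "Allow ISP2 SIP" -j ACCEPT
/sbin/iptables -A INPUT -p udp -m set --match-set ISP3 src -m udp --dport 5060 -m comment --comment "Allow ISP3 SIP" -j ACCEPT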