IPSET

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12814
Location: Netherlands

Posted: Mon Nov 23, 2020 13:31    Post subject: IPSET
IPSET
Introduction
IPSET is a companion application for the iptables Linux firewall.
IPSET handles lists of addresses (IP, MAC, ports, fwmark and combinations of those) quickly and efficiently.

Availability
IPSET should be available on DD-WRT routers with 64 MB/+ flash size starting with build 44367.

Usage
Those lists can be useful in blacklisting (blocking) (IP) addresses, e.g. from known spammers, regions, or websites with multiple addresses and subdomains like YouTube.
It can be used for whitelisting, e.g. only allowing a defined set of known good addresses.
But it can also be used for routing purposes, e.g. routing all Netflix (sub)domains and IP addresses via the WAN if you are using a VPN (or vice versa).

Obtaining Addresses (i.e. filling your list)
You can simply create your own list by adding addresses to your IPSET.

The second method is downloading lists of addresses from the internet; this can even be automated to refresh your list at fixed intervals.

The third method is using DNSMasq to add IP addresses from the (sub)domains you want.
This can be very useful for large organizations with multiple addresses behind their URLs like YouTube, Netflix, Amazon etc.

For examples and instructions see the attached document.


If you have questions or suggestions, please PM me.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087


Last edited by egc on Sun Jan 22, 2023 16:10; edited 19 times in total
egc
Posted: Mon Nov 23, 2020 14:09    Post subject:
Attached is a script for retrieving various (block) lists from the internet, adding those to an IPSET and setting firewall rules.

Alpha version, needs testing.

Instructions are in the script.

Attached are route scripts for route-up and route-down for WireGuard; experimental, needs testing.



Last edited by egc on Fri Jun 17, 2022 6:24; edited 6 times in total
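
The second method from the first post (downloading a list and refreshing it at intervals) and the kind of retrieval script mentioned in the second post, sketched as an added example. This is not egc's attached script. The set name `blocklist`, the staging set `blocklist_new` and the `$LIST_URL` placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not the attached forum script. SET/TMP names are assumptions.
SET=blocklist        # live set referenced by the firewall rule
TMP="${SET}_new"     # staging set, swapped in once it is fully built

# Read a downloaded list on stdin, print an `ipset restore` script on stdout.
# Only IPv4 addresses or CIDR networks (/1../32) pass the filter; comments,
# duplicates and any other text are dropped, so a corrupted or tampered
# download cannot smuggle extra ipset commands into the restore stream.
build_restore() {
    echo "create $SET hash:net family inet -exist"
    echo "create $TMP hash:net family inet -exist"
    echo "flush $TMP"
    sed -e 's/[#;].*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    awk -v tmp="$TMP" '
        function ok(s,   p, n, a, i) {
            n = split(s, p, "/")
            if (n > 2) return 0
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || length(p[2]) > 2 ||
                           p[2] + 0 < 1 || p[2] + 0 > 32)) return 0
            if (split(p[1], a, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (a[i] !~ /^[0-9]+$/ || length(a[i]) > 3 || a[i] + 0 > 255)
                    return 0
            return 1
        }
        ok($0) && !seen[$0]++ { print "add " tmp " " $0 }
    '
    # The live set is replaced in one step; it is never left half-filled.
    echo "swap $TMP $SET"
    echo "destroy $TMP"
}

# Usage on the router (LIST_URL is a placeholder, not a real feed):
#   curl -s "$LIST_URL" | build_restore | ipset restore
#   iptables -I FORWARD -m set --match-set blocklist dst -j DROP
```

Rejecting `/0` keeps a bad feed entry from matching every address, and building into a staging set means the firewall rule keeps matching the old list until the new one is complete.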
egc
Posted: Mon Nov 23, 2020 14:09    Post subject:
For future use