Linux iptables ipsets

Costa Tsaousis edited this page Feb 13, 2016 · 3 revisions

To use these ipsets with an iptables firewall, you generally have to go through the following steps:

  1. Create an ipset in kernel
  2. Load the IPs to it
  3. Use iptables commands to utilize the ipset (e.g. limit access to a server, block traffic)
  4. Update it regularly

Your firewall solution should take care of the first three steps; update-ipsets takes care of the fourth.

If you use firehol as your firewall, the first 3 are handled entirely by it (check this wiki entry).

If you don't use firehol, please consult the manual of the firewall on how to handle the first 3.

If you run iptables commands by hand, you can use ipset-apply.sh to take care of steps 1 and 2, like this:

# /path/to/firehol.git/contrib/ipset-apply.sh dshield

ipset     : dshield
hash      : net
entries   : 20
unique IPs: 5120
file      : /etc/firehol/ipsets/dshield.netset
tmpname   : tmp-27176-8516-1455370598
exists in kernel already: yes

Creating a temporary ipset...
Flushing the temporary ipset...
Loading the temporary ipset with the IPs in file /etc/firehol/ipsets/dshield.netset...
Swapping the temporary ipset with dshield, to activate it...
OK, all done!

Let's see it:

# ipset list dshield

Name: dshield
Type: hash:net
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 17400
References: 0
Members:
45.35.20.0/24
183.3.202.0/24
117.27.251.0/24
185.130.5.0/24
209.126.116.0/24
209.126.101.0/24
185.35.62.0/24
64.125.239.0/24
69.64.57.0/24
61.160.213.0/24
142.54.174.0/24
173.224.117.0/24
95.248.37.0/24
183.60.48.0/24
85.105.98.0/24
69.64.193.0/24
124.173.70.0/24
82.211.31.0/24
175.6.228.0/24
89.248.174.0/24

With just the above, the next time update-ipsets runs and finds that dshield is updated, it will also update the ipset in kernel.

What is still missing is step 3: actually using the ipset from your firewall rules, e.g. to drop traffic from the listed networks.
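Added example (not part of firehol, update-ipsets or ipset-apply.sh): a small POSIX shell script that reproduces the temporary-set-and-swap sequence shown in the output above as an `ipset restore` batch, and adds the step-3 iptables rule that drops inbound traffic whose source is in the set. The set name, the hypothetical helper names, and the sample netset file are assumptions; the hash parameters match the `ipset list` output above.

```shell
#!/bin/sh
# Added example, not firehol's own code. Set IPSET_APPLY=1 and run as root to
# really load the set and insert the rule; otherwise it only prints the commands.
set -eu

# Emit an "ipset restore" batch that loads a .netset FILE into SET atomically:
# build a temporary set, fill it, swap it with the live set, destroy the old one.
# Lines starting with '#' and blank lines in the netset file are skipped.
# Note: "create ... -exist" only succeeds if an existing set has identical
# parameters, and swap requires both sets to be of the same type.
ipset_batch() {
    set_name="$1"; file="$2"; tmp="${3:-tmp-$set_name}"
    printf 'create %s hash:net family inet hashsize 1024 maxelem 65536 -exist\n' "$set_name"
    printf 'create %s hash:net family inet hashsize 1024 maxelem 65536\n' "$tmp"
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$file" | while IFS= read -r net; do
        printf 'add %s %s\n' "$tmp" "$net"
    done
    printf 'swap %s %s\n' "$tmp" "$set_name"
    printf 'destroy %s\n' "$tmp"
}

# Emit the iptables command that drops inbound packets whose source is in SET.
# "-C" checks for the rule first, so re-running the script does not duplicate it.
iptables_block_src() {
    rule="INPUT -m set --match-set $1 src -j DROP"
    printf 'iptables -C %s 2>/dev/null || iptables -I %s\n' "$rule" "$rule"
}

# Constructed sample netset in the same format as dshield.netset (one prefix
# per line, '#' comments allowed). Replace with /etc/firehol/ipsets/dshield.netset.
sample="${TMPDIR:-/tmp}/example.netset"
printf '# constructed sample\n\n45.35.20.0/24\n183.3.202.0/24\n' > "$sample"

if [ "${IPSET_APPLY:-0}" = 1 ]; then
    ipset_batch dshield "$sample" | ipset restore   # needs root and the ipset tool
    sh -c "$(iptables_block_src dshield)"
else
    ipset_batch dshield "$sample"
    iptables_block_src dshield
fi
```

Because the swap is a single kernel operation, the live set is never empty or half-loaded while it is being refreshed, which is why the same pattern is safe to run from cron after update-ipsets.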