update archlinux notes page

2024-05-26 08:12:03 +02:00 · 2024-05-26 08:12:03 +02:00 · fcf857b0fe
commit fcf857b0fe
parent 3ff942f621
1 changed files with 30 additions and 1 deletions
--- a/content/notes/archlinux/index.md
+++ b/content/notes/archlinux/index.md
@ -1,7 +1,7 @@
 ---
 title: Archlinux
 date: 2023-11-29T20:33:48+0100
-lastmod: 2024-05-09T12:29:13+0000
+lastmod: 2024-05-26T06:31:47+0000
 tags:
  - archlinux

@ -104,6 +104,35 @@ wifi.backend=iwd
 dhcp=dhcpcd
 ~~~

+## Blocking IPs from a list with ipset
+
+Using [ipset](https://wiki.archlinux.org/title/Ipset) should increase performance
+on the box, also using the raw table should not create useless states as for what
+I understand from the source article on
+[serverfault.com](https://serverfault.com/a/823336).
+
+~~~console
+$ sudo ipset -N badips iphash
+$ while read ip; do sudo ipset -A badips "$ip"; done < blocked.txt
+$ sudo iptables -t raw -I PREROUTING -m set --match-set badips src,dst -j DROP
+$ sudo iptables-save -f /etc/iptables/iptables.rules
+~~~
+
+Enable iptables in case it is not running yet.
+
+~~~console
+$ sudo systemctl enable --now iptables.service
+~~~
+
+Also make the ipset configuration persistent:
+
+~~~console
+$ sudo ipset save -file /etc/ipset.conf
+$ sudo systemctl enable ipset.service
+~~~
+
+Reboot to test its persistency.
+
 ## Do not manage one specific USB dongle

 `99-unmanaged-devices.conf`: