ip reputation blocklist

ipset

https://confluence.jaytaala.com/display/TKB/Using+ipset+to+block+IP+addresses+-+firewall

blacklist https://github.com/kravietz/blacklist-scripts

iptables-mit-ipset-blocklist

https://peters-christoph.de/blog/server/iptables-mit-ipset-blocklist/

vxlan use case

wireguard mtu 1420

vxlan mtu 1350 (overhead 50)

iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN  -o br-lan -j TCPMSS --set-mss 1200
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN  -o br-overlay02 -j TCPMSS --set-mss 1200

iptables start on boot

https://serverfault.com/questions/914493/ubuntu-18-04-doesnt-load-iptables-rules-after-reboot

geo blocking

You will need to add the iptables support for geolocation. To do so, you'll have to follow these steps:

apt-get install xtables-addons-common
mkdir /usr/share/xt_geoip
apt-get install libtext-csv-xs-perl unzip
/usr/lib/xtables-addons/xt_geoip_dl
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv

iptables -A FORWARD -m geoip --src-cc XK -p tcp -m tcp --dport 443 -j ACCEPT

dokuwiki

Table of Contents

ip reputation blocklist

iptables-mit-ipset-blocklist

vxlan use case

iptables start on boot

geo blocking