Dynamic Rule Set: IPset


Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hey there, Cybrarians.
00:00
>> Welcome back to
00:00
>> the Linux plus course here at Cybrary.
00:00
I'm your instructor Rob Goelz.
00:00
In today's lesson, we're going to be talking about
00:00
dynamic rule set creation using IPset.
00:00
Upon completion of today's lesson,
00:00
you are going to be able to understand
00:00
the purpose of IPsets.
00:00
We're also going to talk about how
00:00
the IPset command can be used to create an IPset.
00:00
An IPset is just a named set of IP addresses.
00:00
Despite the name, it can also be
00:00
a collection of network interfaces,
00:00
ports, MAC addresses, or subnets.
00:00
It doesn't need to be IPs,
00:00
it's just how it's named.
00:00
But once these set or sets are defined,
00:00
rules can then be applied to them.
00:00
This is really good and helpful when you're using
00:00
firewalls or applications that support these IPsets.
00:00
Now, the IPset command is what we use to
00:00
create or modify IPsets, so it's aptly named.
00:00
An IPset is created
00:00
by entering the IPset name,
00:00
the storage type, which is bitmap,
00:00
hash, or list, and then the set type,
00:00
which can be one of IP,
00:00
net, MAC, port, or interface.
00:00
There are one of two creation
00:00
commands that you could use,
00:00
they're just different formats to create the IPset.
00:00
If you do ipset create or ipset -N,
00:00
they both do the same thing.
00:00
Then everything after that is the name of the IPset,
00:00
the storage type you want to use,
00:00
colon, and then the set type that you want to use.
00:00
Most of the time, you're going to see this in the format
00:00
ipset -N, the name of the IPset.
00:00
In this case, we can say badIPs,
00:00
and hash will be our storage type,
00:00
and net will be the set type.
00:00
We can also add IP
00:00
ranges into our IPset by using
00:00
the ipset add command or we can do ipset -A.
00:00
After that, we specify
00:00
the IPset name and
00:00
the address or range that we want to add.
00:00
For example, to add a single IP,
00:00
we can do ipset add badIPs.
00:00
BadIPs was our IPset example in the last slide.
00:00
Then we can add the IP 10.10.101.5.
00:00
Or if we want to add a whole range,
00:00
we can do ipset -A badIPs 10.10.101.0/24.
00:00
We're using CIDR notation to indicate that
00:00
entire network range is going to be
00:00
blocked adding since the IPset.
00:00
Then we can also go in and
00:00
remove IPs from that, of course.
00:00
It would be too helpful if we only add.
00:00
We can do ipset del or ipset -D to delete.
00:00
Then we specify the IPset name and
00:00
the address or range that
00:00
we want to remove from the IPset.
00:00
Then if we're done with IPset,
00:00
we don't want to use it at all anymore.
00:00
We can remove the entire thing with ipset
00:00
destroy and specify the IPset name.
00:00
We can say, ipset destroy badIPs and we're good to go.
00:00
How can IPsets be considered a dynamic rule set?
00:00
These don't really seem the same as
00:00
what we saw with the [inaudible] or fail2ban.
00:00
Well, iptables can be configured to automatically
00:00
update an IPset with bad IPs.
00:00
This can effectively create a ban or block list.
00:00
This whole process
00:00
is really beyond the scope of this course and the exam.
00:00
If you want to see more details on this,
00:00
take a look at the link that I've provided here,
00:00
because it is really interesting.
00:00
With that, we reached the end of this lesson.
00:00
In this lesson, we covered the purpose of IPsets,
00:00
and we talked about how the IPset command can be
00:00
used to create and modify IPsets.
00:00
Thanks so much for being here and I look
00:00
forward to seeing you in the next lesson.