Hello,
Tonight I implemented ipset on my little router, a program I've been using for a year to filter out different DDoS attacks on my server.
It worked all night, but after rebooting, while reinserting the rules into iptables, it stopped working in forwarding. Only in INPUT and OUTPUT.
The router is configured with two network adapters in a bridge, and the kernel module "br_netfilter" is active.
This is ipset:
Name: test
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 100
References: 3
Members:
1.1.1.1
This is iptables:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             match-set test src

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             match-set test src

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             match-set test src