
Dynamically populating ipset list to blacklist ip addresses which match a certain iptables rule

I've written the following iptables rules:

    iptables -N flood
    iptables -A INPUT -i eth0 -j flood
    iptables -A flood -m limit --limit 1/sec --limit-burst 30 -j RETURN
    iptables -A flood -j LOG --log-ip-options --log-uid --log-level 4 --log-prefix "IPTABLES: FLOOD: "
    iptables -A flood -j DROP

I want to blacklist and block any IP address which matches this rule. How do I populate and update an ipset list on the fly to add IP addresses which match certain iptables rules? Is there a way to achieve this?

I'm assuming you want to add the source IP address of the host which sends the traffic at more than the specified rate.

For that, you can use:


iptables -A flood -m limit --limit 1/sec --limit-burst 30 -j SET --add-set ipsetname src
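
An added example, not part of the original answer: the question's flood chain combined with an ipset blacklist, with the SET rule placed after the RETURN rule so that only packets over the limit reach it. The set name `flood_blacklist`, the one-hour timeout, the `IPT_RUN` dry-run switch and the `check_order` helper are assumptions made for this example.

```shell
#!/bin/sh
# Dry run by default: commands are printed. Apply as root with: IPT_RUN= sh thisfile
IPT_RUN=${IPT_RUN-echo}
SET=flood_blacklist   # assumed set name
TTL=3600              # assumed: entries expire after one hour

setup_blacklist() {
    # hash:ip set with a timeout so blocked addresses age out; -exist makes re-runs harmless
    $IPT_RUN ipset create "$SET" hash:ip timeout "$TTL" -exist
    # Drop blacklisted sources first, before they reach the flood chain
    $IPT_RUN iptables -I INPUT 1 -i eth0 -m set --match-set "$SET" src -j DROP
}

setup_flood_chain() {
    $IPT_RUN iptables -N flood
    $IPT_RUN iptables -A INPUT -i eth0 -j flood
    # Packets within the rate leave the chain here. Note that -m limit is one
    # shared token bucket, not a per-source counter.
    $IPT_RUN iptables -A flood -m limit --limit 1/sec --limit-burst 30 -j RETURN
    # Only over-limit packets get this far. SET is non-terminating, so the
    # packet continues to LOG and DROP after its source is added to the set.
    $IPT_RUN iptables -A flood -j SET --add-set "$SET" src
    $IPT_RUN iptables -A flood -j LOG --log-ip-options --log-uid --log-level 4 --log-prefix "IPTABLES: FLOOD: "
    $IPT_RUN iptables -A flood -j DROP
}

# Reads rule lines (dry-run output or `iptables -S flood`) on stdin and
# succeeds only if, within the flood chain, RETURN comes before SET and
# SET comes before DROP. A SET rule after DROP is never reached.
check_order() {
    awk '/-A flood / {
             n++
             if (/-j RETURN/) r = n
             if (/-j SET/)    s = n
             if (/-j DROP/)   d = n
         }
         END { exit !(r && s && d && r < s && s < d) }'
}

setup_blacklist && setup_flood_chain
```

After applying the rules, `iptables -S flood | check_order` confirms the ordering on the live chain and `ipset list flood_blacklist` shows the addresses that have been added.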
