Using ipset to ban bad IP addresses from Project Honey Pot, Spamhaus, Tor, OpenBL and more

ipset in combination with iptables is the perfect tool for banning, on a Linux server, thousands of blacklisted IP addresses from IP blacklist providers like Project Honey Pot, Spamhaus, OpenBL and virtually anyone else providing a list of “bad” IP addresses.

I’ve created a very simple Bash shell script which can be used to auto-update blacklisted IP addresses. Please see the documentation in the on how to install it. It doesn’t matter whether the blacklist comes as a raw IP list, as XML or as CSV: the script will find any IPv4 address, including IPv4 networks given with a prefix (CIDR notation).
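The format-agnostic extraction described above, together with an atomic set reload, as an added example that is not the author's script. The function names, the set name `blacklist`, the set options, the private-range guard and the sample feed are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not the author's script. Set name and feed data are constructed.

# Print each valid IPv4 address or CIDR block found on stdin, one per line.
# Matching on the address pattern instead of parsing the container format is
# what makes raw lists, CSV and XML interchangeable as input.
extract_ipv4() {
  grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' |
  awk -F'[./]' '{
    for (i = 1; i <= 4; i++) if ($i + 0 > 255) next     # octet out of range
    if (NF == 5 && ($5 + 0 < 1 || $5 + 0 > 32)) next    # invalid prefix length
    # Lock-out guard (assumption of this example): never ban unspecified,
    # loopback or RFC 1918 space, whatever a feed says.
    if ($1 + 0 == 0 || $1 + 0 == 10 || $1 + 0 == 127) next
    if ($1 + 0 == 172 && $2 + 0 >= 16 && $2 + 0 <= 31) next
    if ($1 + 0 == 192 && $2 + 0 == 168) next
    printf "%d.%d.%d.%d%s\n", $1, $2, $3, $4, (NF == 5 ? "/" ($5 + 0) : "")
  }' | LC_ALL=C sort -u
}

# Emit an "ipset restore" file: fill a temporary set, then swap it with the
# live one so the set referenced by iptables is never empty or half-loaded.
build_restore() {
  local name=$1 tmp="$1-tmp"
  local opts='hash:net family inet hashsize 16384 maxelem 131072'
  printf 'create %s -exist %s\n' "$tmp" "$opts"
  printf 'flush %s\n' "$tmp"
  printf 'create %s -exist %s\n' "$name" "$opts"
  extract_ipv4 | sed "s/^/add $tmp /"
  printf 'swap %s %s\ndestroy %s\n' "$tmp" "$name" "$tmp"
}

# Constructed sample mixing the three formats (documentation address ranges).
sample_feed() {
  cat <<'EOF'
# raw list
198.51.100.7
203.0.113.0/24
"2014-01-02","192.0.2.55","comment spammer"
<entry><ip>198.51.100.7</ip></entry>
<entry><ip>10.0.0.5</ip></entry>
999.1.1.1
192.0.2.0/33
EOF
}

# Review the generated file; on a real host pipe it into: ipset restore
sample_feed | build_restore blacklist
```

On a real host, `build_restore blacklist < feed.txt | ipset restore` loads the set (`feed.txt` being a hypothetical downloaded list), and a rule such as `iptables -I INPUT -m set --match-set blacklist src -j DROP` enforces it.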

Currently, the script downloads blacklisted IP addresses from the following blacklists:

  1. Project Honey Pot
  2. Tor Exit Nodes
  3. MaxMind Anonymous Proxies
  4. BruteForceBlocker IP list from
  5. Emerging Threats list from
  6. Spamhaus Don’t Route Or Peer List
  7. C.I. Army Malicious IP list
  8. OpenBL 30 day list
  9. Autoshun’s Shun list

Link to the git repository:

So, is there any benefit in banning those IP addresses? Well, it certainly reduces comment spam on a WordPress blog, and there have been claims from website owners that their servers had been attacked through Tor. The number of comment spam attempts on this blog dropped quite impressively after implementing the IP address bans:


5 replies on “Using ipset to ban bad IP addresses from Project Honey Pot, Spamhaus, Tor, OpenBL and more”

  1. Hi Jan,

    I am gratefully implementing this on my private server. I’ve got some support questions, though. Where can I ask them?

