ipset is used to set up, maintain and inspect so-called IP sets in the Linux kernel.


To create an IP set called hacker_ips
$ sudo ipset -N hacker_ips iphash

To add IP addresses to the hacker_ips ipset
$ sudo ipset -A hacker_ips 172.122.150.22
$ sudo ipset -A hacker_ips 192.168.100.22

To drop all traffic from the IP addresses stored in the ipset called hacker_ips
$ sudo iptables -A INPUT -m set --match-set hacker_ips src -j DROP

To create an ipset named my_blacklist
$ sudo ipset create my_blacklist hash:ip hashsize 4096

To drop all traffic from the IP addresses stored in the ipset called my_blacklist
$ sudo iptables -A INPUT -m set --match-set my_blacklist src -j DROP

To add IP addresses to the ipset my_blacklist
$ sudo ipset add my_blacklist 192.168.100.22
$ sudo ipset add my_blacklist 172.122.150.22
$ sudo ipset add my_blacklist 192.168.100.10/24

To make the ipset persistent across reboots, save it to a file (the redirection must also run as root)
$ sudo ipset save | sudo tee /etc/ipset.conf > /dev/null
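
The file written by ipset save is a list of create and add commands that ipset restore reads back. The script below is an added example, not part of the original post: it generates the same format from a plain address list, rejecting malformed entries and duplicates before they reach the kernel set. The function names and the sample list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn a plain address list into `ipset restore` input.

# is_ipv4 ADDR: succeed only for a dotted quad, octets 0..255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_restore SET: read one address per line on stdin ('#' starts a comment),
# write restore-format lines on stdout; bad entries go to stderr and are skipped.
gen_restore() {
    set_name=$1
    printf 'create %s hash:ip hashsize 4096\n' "$set_name"
    while IFS= read -r line || [ -n "$line" ]; do
        addr=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$addr" ] || continue
        if is_ipv4 "$addr"; then
            printf 'add %s %s\n' "$set_name" "$addr"
        else
            printf 'skipped invalid entry: %s\n' "$addr" >&2
        fi
    done | sort -u                  # drop duplicate entries
}

# Constructed sample list: two valid addresses, a duplicate, two bad lines.
sample_list() {
    printf '%s\n' '192.168.100.22' '172.122.150.22  # scanner' \
        '192.168.100.22' '192.168.100.256' 'not-an-ip'
}

# Print the generated file; to load it for real (needs root):
#   gen_restore my_blacklist < list.txt | sudo ipset -exist restore
sample_list | gen_restore my_blacklist
```

The -exist option lets the restore succeed when my_blacklist already exists or an address is already in it.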

To view the sets
$ sudo ipset -L

To delete a set named hacker_blacklist
$ sudo ipset -X hacker_blacklist

To delete all sets
$ sudo ipset destroy



regards,
T.Dhanasekar