Network Security at Gluebox: Why We Use ipset
At Gluebox.com, we believe in simple, powerful tools that do one job well—just like us. That’s why we use ipset as part of our Linux-based firewall strategy.
What is ipset?
ipset is a high-performance firewall enhancement for Linux that allows us to maintain large sets of IP addresses efficiently. Instead of bloating the system with hundreds of separate iptables rules, we can group IPs into fast, memory-efficient sets.
Why We Love It
- Performance: Kernel-optimized sets mean lightning-fast filtering with minimal system load.
- Simplicity: One firewall rule handles thousands of dynamic IPs cleanly and clearly.
- Control: We can instantly block abusive traffic, botnets, and bad actors—without restarting services.
- Automation: We integrate ipset with custom scripts, real-time threat feeds, and scheduled blocklist updates.
How We Use It
We maintain a blacklist of hostile IPs using ipset and link it directly to our iptables firewall rules. Whether it's botnet activity, brute-force login attempts, or scraping, we identify and drop the connection at the network level before it even touches our application stack.
Here's a simplified version of what runs on our nodes:
ipset create blacklist hash:ip
ipset add blacklist 20.171.207.188
iptables -I INPUT -m set --match-set blacklist src -j DROP
One rule. Infinite defense. That’s the kind of glue that holds Gluebox together.
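The scheduled blocklist update mentioned above can replace the live set atomically, so the DROP rule never matches against a half-loaded list. This is an added example, not Gluebox's own script; the feed contents, the "-tmp" set suffix and the function names are assumptions made for illustration.

```shell
# Added example: turn a threat-feed file into an `ipset restore` script.
# Accept only dotted-quad IPv4 with octets 0-255 and no leading zeros.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read a feed on stdin, write restore commands for set $1 on stdout.
build_restore() {
    set_name=$1
    tmp_name="${set_name}-tmp"   # hypothetical staging set name
    adds=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | sort -u |
        while IFS= read -r ip; do
            if valid_ipv4 "$ip"; then
                printf 'add %s %s\n' "$tmp_name" "$ip"
            else
                printf 'skipped invalid entry: %s\n' "$ip" >&2
            fi
        done)
    # An empty or failed feed download must not wipe the live set.
    [ -n "$adds" ] || return 1
    printf 'create %s hash:ip\ncreate %s hash:ip\n' "$set_name" "$tmp_name"
    printf 'flush %s\n%s\n' "$tmp_name" "$adds"
    # swap is atomic: the iptables rule sees the old list or the new one.
    printf 'swap %s %s\ndestroy %s\n' "$tmp_name" "$set_name" "$tmp_name"
}

sample_feed() {   # constructed sample input
    cat <<'EOF'
# constructed sample feed
20.171.207.188
203.0.113.7   # scanner
203.0.113.7
999.1.1.1
not-an-ip
EOF
}

# On a node: build_restore blacklist < feed.txt | ipset -exist restore
sample_feed | build_restore blacklist
```

Because the iptables rule refers to the set by name, the swap changes what is blocked without touching the rule itself.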