Protect HestiaCP servers with an IPset list

HestiaCP combined with Fail2ban and Iptables provides a strong security baseline. With IPset, you can maintain dynamic malicious IP lists and apply high-performance blocking at scale.

Why IPset lists are useful

Continuous protection: auto-block known malicious IPs.
Centralized management: manage rules directly in Hestia.
Flexibility: tailor lists and policies per threat scenario.

Creating a malicious IP list

Hestia includes an automatic update script:

/usr/local/hestia/install/common/firewall/ipset/blacklist.sh

It aggregates multiple public sources, for example:

Attack categories commonly mitigated

With updated feeds and correct rules, you reduce exposure to:

Spam
SYN flood
DDoS
Sniffing
Scam/fraud
Proxy/Tor abuse
Dictionary attacks
Brute force
Phishing
Malware
SQL injection

Note: threat techniques evolve constantly. Keep list feeds, monitoring, and incident response policy updated.

Register the list in HestiaCP

Inside Hestia panel:

Open Server Settings.
Go to Firewall.
Open IP Set Lists.
Click Add IP list.

Fill fields with:

Name: BLOCK-LIST
Data source: “Block malicious IPs”
or: script:/usr/local/hestia/install/common/firewall/ipset/blacklist.sh
IP version: IPv4
Auto update: Yes

Create firewall rules

After list registration, apply deny rules for ipset:BLOCK-LIST.

Rule 1: deny TCP (inbound)

Action: REJECT
Protocol: TCP
Port: 0
Address: ipset:BLOCK-LIST
Comment: BLOCK_BADIP

Rule 2: deny UDP (outbound)

Action: REJECT
Protocol: UDP
Port: 0
Address: ipset:BLOCK-LIST
Comment: BLOCK_BADIP

Rule 3: deny ICMP

Action: REJECT
Protocol: ICMP
Port: 0
Address: ipset:BLOCK-LIST
Comment: BLOCK_BADIP

This keeps your server continuously protected with trusted, auto-updated bad-IP feeds.

This post is licensed under CC BY-NC.