ipset mit asn

• https://blog.dornea.nu/2014/09/17/generate-all-ip-addresses-from-asn/
• https://wiki.archlinux.org/title/Ipset
• https://www.networkinghowtos.com/howto/change-the-iptables-log-file/

whois -h whois.ripe.net -T route AS3320 -i origin | egrep "route: " | awk '{print $NF}'|xargs -I {} echo "ABC {}"

# https://serverfault.com/a/836809
iptables -A INPUT -m set ! --match-set geoblock src -j DROP

apt install ipset whois
ipset -N telekom nethash
whois -h whois.ripe.net -T route AS3320 -i origin | egrep "route: " | awk '{print $NF}'|xargs -I {} ipset add telekom {}
iptables -A INPUT -m set ! --match-set telekom src -j LOG_AND_DROP

#https://www.networkinghowtos.com/howto/change-the-iptables-log-file
echo -e ":msg, contains, 'iptables: ' -/var/log/iptables.log\n& ~" |sudo tee /etc/rsyslog.d/10-iptables.conf