How to Connect the CleanTalk IPSet Spam IP BlackLists Database to IPtables


Our Blacklists Database users have access to offline spam bases according to their packets. On the Blacklists Database Dashboard, there is an offline files section. You can find it here. Scroll down or select Offline files from the navigation menu:


Blacklist Database Dashboard


SFTP details

Use these credentials to download offline files:


Offline files


If you want to use our IP spam database for IPtables you need to do the following:

1. Install IPset packet. 

For Debian: apt-get  install ipset

For Redhat: yum install ipset  -y

2. Check if you have a CURL with SFTP support installed:

curl -V | grep sftp -o

Download missing libraries.

3. Download CleanTalk scripts.

4. Make a folder for the .conf file and lists:

mkdir -p /etc/ipset-blacklist

and copy ipset-blacklist.conf file from downloaded archive to this fodder.

5. Copy file from downloaded archive to /usr/local/sbin.

Make it executable: chmod +x /usr/local/sbin/

6. Enter your SFTP credentials to ipset-blacklist.conf:


ipset-blacklist.conf edit


7. Run the script:

/usr/local/sbin/ /etc/ipset-blacklist/ipset-blacklist.conf

The script creates a list for IPtables: ip-blacklist.restore 

8. To connect the list run:

ipset restore < /etc/ipset-blacklist/ip-blacklist.restore

iptables -I INPUT 1 -m set --match-set blacklist src -j DROP

9. For automatic updates please add to cron these lines:



33 23 * * *     root /usr/local/sbin/ /etc/ipset-blacklist/ipset-blacklist.conf


You can check the results:

iptables -L INPUT -v --line-numbers


IPtables result



Was this information helpful?

It would also be interesting

Copied to clipboard