Iptables
Block by source IP and destination port
# Drop TCP to port 80 and UDP to port 5443 arriving from the single host 1.1.1.1.
# --append places the rule at the end of INPUT; iptables stops at the first matching
# rule, so an earlier ACCEPT for the same port still wins over these DROPs. Use
# --insert (-I INPUT) instead when the block must take precedence.
iptables --append INPUT --protocol tcp --source 1.1.1.1 --destination-port 80 --jump DROP
iptables --append INPUT --protocol udp --source 1.1.1.1 --destination-port 5443 --jump DROP
Block by source subnet and multiple ports
# Drop UDP from the whole 1.1.1.0/24 network to several destination ports with one
# rule (500/4500 are the IKE/NAT-T ports, 1701 is L2TP, 5443 is site-specific).
# The multiport match takes a comma-separated list of up to 15 ports.
iptables --append INPUT --protocol udp --source 1.1.1.0/24 --match multiport --destination-ports 500,1701,4500,5443 --jump DROP
Workaround for the iptables v1.8.7 (nf_tables) error
# iptables 1.8.x defaults to the nf_tables backend; pointing the alternative at
# iptables-legacy makes the `iptables` command use the legacy xtables backend.
# Caveat: rules already loaded through the other backend stay active but are no
# longer listed by this binary, so check both `iptables-nft -L` and
# `iptables-legacy -L` after switching to avoid two half-visible rulesets.
update-alternatives --set iptables /usr/sbin/iptables-legacy
Range to netmask (CIDR list)
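#!/usr/bin/perl
# Convert IPv4 ranges read from a file into CIDR blocks, one block per line.
#
# Usage: <script> <file>
# Each input line holds a start and an end address, either joined by a dash
# ("a.b.c.d-e.f.g.h") or separated by whitespace ("a.b.c.d e.f.g.h").
# The first line that matches neither form is reported and aborts the run.
use strict;
use warnings;
use Net::Netmask;

my $file = shift @ARGV;
die "usage: $0 <file>\n" unless defined $file;

# Three-arg open with a lexical handle: with the two-arg form a filename taken
# from the command line could be interpreted as a mode prefix or a pipe spec.
open my $in, '<', $file or die "cannot open $file: $!\n";

# Dotted-quad matcher; octet values themselves are validated by Net::Netmask.
my $ip_re = qr/(\d+\.\d+\.\d+\.\d+)/;

while (my $line = <$in>) {
    my ($first, $last);
    if ( $line =~ m{$ip_re\-$ip_re} ) {
        ($first, $last) = ($1, $2);
    }
    elsif ( $line =~ m{$ip_re\s+$ip_re\s+} ) {
        # The trailing \s+ is satisfied by the newline, so "a b\n" matches.
        ($first, $last) = ($1, $2);
    }
    else {
        chomp $line;    # avoid a blank line after the message
        print "No match: $line\n";
        exit 1;         # unparseable input is a failure, not a clean exit
    }
    my @block = range2cidrlist($first, $last);
    print map { "$_\n" } @block;
}
close $in;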
# Reference ipset commands (not a sequence: destroy precedes save here).
# The set must already exist with a type that holds networks, e.g. created with
# `ipset create banlist hash:net` (constructed example, not shown on this page).
ipset add banlist 1.1.1.0/24
# Check whether an address/network is in the set; the exit status reports membership.
ipset test banlist 1.1.1.0/24
# Remove the set; this fails while an iptables rule still references it.
ipset destroy banlist
# Dump the set (type, options, members) to a file and reload it from there.
# restore fails if the set already exists unless -exist is passed.
ipset save banlist -f ipsetback.txt
ipset restore -f ipsetback.txt
# Drop UDP to the listed ports from any source address contained in the banlist
# set; the "src" flag after the set name tells the set match to test the source
# address. The set has to exist before this rule is loaded.
iptables --append INPUT --protocol udp --match set --match-set banlist src --match multiport --destination-ports 500,1701,4500,5443 --jump DROP