diff --git a/init-bot-bl-ipset-and-iptable-rule.sh b/init-bot-bl-ipset-and-iptable-rule.sh
new file mode 100644
index 0000000..99666d1
--- /dev/null
+++ b/init-bot-bl-ipset-and-iptable-rule.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/sh
+
+INET_DEV=eth0
+
+# default block list is small, consider maxlen i have used
+# maxelem 4194304 out of necessitity of the moment
+# ideally, plan to add, grow, rotate your ipsets before running
+# something like this
+
+# a "starter" blocklist, nomninally for super-agressive spam-bots
+# which I tend to notice and add by hand
+
+ipset -exist create bot-bl hash:ip timeout 0
+
+# install to prerouting rules of iptables "mangle" table
+# here we want to drop all packets sourced fromv a member of the set
+
+iptables -t mangle -A PREROUTING -i ${INET_DEV} -m set --match-set bot-bl src -j DROP
+
+# Ignoring fail2ban and such, I have to remember/alias/bind a
+# command like this to use it:
+
+# ipset add bot-bl 20.171.207.172
\ No newline at end of file
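Review bot: The `iptables -t mangle -A PREROUTING ...` line is not idempotent the way the `ipset -exist create` line above it is, so every re-run of this init script (boot hook, re-apply after an edit) appends a duplicate DROP rule that has to be cleaned out by hand; guard it with a check first, `iptables -t mangle -C PREROUTING -i "${INET_DEV}" -m set --match-set bot-bl src -j DROP 2>/dev/null || iptables -t mangle -A PREROUTING -i "${INET_DEV}" -m set --match-set bot-bl src -j DROP`, and quote `${INET_DEV}` while doing so. The comment block says `maxelem 4194304` was used, but the `ipset create` command sets no `maxelem` at all, so the set gets the default (64k on current ipset releases), which will silently start rejecting adds once a real blocklist is loaded; either drop the claim from the comment or make the command match it (`ipset -exist create bot-bl hash:ip timeout 0 maxelem 4194304`), noting that `-exist` does not resize a set that already exists with different parameters, so a running box needs a destroy/recreate or swap. With `#!/usr/bin/sh` and no `set -eu`, a failed `ipset create` (module not loaded, no CAP_NET_ADMIN) is ignored and the iptables rule then fails with a less obvious "set does not exist" error; `set -eu` after the shebang keeps the failure at its source.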