The netfilter.org "ipset" project

What is ipset?

IP sets are a framework inside the Linux kernel (2.4.x and later) that is administered with the ipset utility. Depending on its type, an IP set may currently store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses, in a way that ensures lightning speed when matching an entry against a set.

If you want to

  • store multiple IP addresses or port numbers and match against the collection with iptables in one swoop
  • dynamically update iptables rules against IP addresses or ports without a performance penalty
  • express complex rulesets based on IP addresses and ports with a single iptables rule and benefit from the speed of IP sets

then ipset may be the proper tool for you.
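
The dynamic-update case from the list above, as an added example (not code from the ipset project): a shell function that turns an address list into an `ipset restore` script which fills a temporary set and swaps it into place, so the single iptables rule that references the set never needs to change. The set name `blocklist`, the `-tmp` suffix and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate an `ipset restore` script that refreshes a set atomically.
# The set name and all addresses below are constructed for illustration.

# gen_restore SETNAME
# Reads one IPv4 address per line on stdin and prints restore-format commands.
gen_restore() {
    set_name=$1
    tmp_name="${set_name}-tmp"
    # Load the output with `ipset -exist restore` so that creating a set
    # that already exists is not an error on later runs.
    echo "create $set_name hash:ip family inet"
    echo "create $tmp_name hash:ip family inet"
    echo "flush $tmp_name"
    # Keep only well-formed dotted quads with octets <= 255; skip duplicates,
    # comments and blank lines so that one bad line cannot abort the load.
    awk -F. -v s="$tmp_name" '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 &&
        !seen[$0]++ { print "add " s " " $0 }'
    # The swap exchanges the contents of the two sets in one step, so packets
    # are always matched against either the old or the new list in full.
    echo "swap $tmp_name $set_name"
    echo "destroy $tmp_name"
}

# Constructed sample feed (documentation address ranges only).
sample_addrs() {
    cat <<'EOF'
192.0.2.10
198.51.100.7
# comment line from the feed
192.0.2.10
203.0.113.300

203.0.113.5
EOF
}

# Print the generated script. On a real host (as root) it would be applied with:
#   sample_addrs | gen_restore blocklist | ipset -exist restore
# and referenced by one rule that is added once and never edited again:
#   iptables -I INPUT -m set --match-set blocklist src -j DROP
sample_addrs | gen_restore blocklist
```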

ipset.netfilter.org homepage

ipset has its own homepage.

Git Tree

The current development version of ipset can be accessed at http://git.netfilter.org/ipset/.

Authors

ipset was almost entirely written by Jozsef Kadlecsik.


Copyright © 1999-2014 Harald Welte, Pablo Neira Ayuso