Ipset is a companion application for the iptables Linux firewall. It allows you to setup rules to quickly and easily block a set of IP addresses, among other things. IP sets are a framework inside the Linux 2.4.x and later kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set.
store multiple IP addresses or port numbers and match against the collection by iptables at one swoop
dynamically update iptables rules against IP addresses or ports without performance penalty
express complex IP address and ports based rulesets with one single iptables rule and benefit from the speed of IP sets
How it works
Configuration
Man Page
