+-------+ | ipset | +-------+ IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set. ipset can: * store multiple IP addresses or port numbers and match against the collection by iptables in one swoop * dynamically update iptables rules against IP addresses or ports without performance penalty * express complex IP address and ports based rulesets with one single iptables rule and benefit from the speed of IP sets https://ipset.netfilter.org Usage: ipset [options] COMMAND Commands: create SETNAME TYPENAME [type-specific-options] Create a new set add SETNAME ENTRY Add entry to the named set del SETNAME ENTRY Delete entry from the named set test SETNAME ENTRY Test entry in the named set destroy [SETNAME] Destroy a named set or all sets list [SETNAME] List the entries of a named set or all sets save [SETNAME] Save the named set or all sets to stdout restore Restore a saved state flush [SETNAME] Flush a named set or all sets rename FROM-SETNAME TO-SETNAME Rename two sets swap FROM-SETNAME TO-SETNAME Swap the contect of two existing sets help [TYPENAME] Print help, and settype specific help version Print version information quit Quit interactive mode Options: -o plain|save|xml Specify output mode for listing sets. Default value for "list" command is mode "plain" and for "save" command is mode "save". -s Print elements sorted (if supported by the set type). -q Suppress any notice or warning message. -r Try to resolve IP addresses in the output (slow!) -! Ignore errors when creating or adding sets or elements that do exist or when deleting elements that don't exist. -n When listing, just list setnames from the kernel. -t When listing, list setnames and set headers from kernel only. -f Read from the given file instead of standard input (restore) or write to given file instead of standard output (list/save). Supported set types: list:set 3 skbinfo support list:set 2 comment support list:set 1 counters support list:set 0 Initial revision hash:mac 1 bucketsize, initval support hash:mac 0 Initial revision hash:ip,mac 1 bucketsize, initval support hash:ip,mac 0 Initial revision hash:net,iface 8 bucketsize, initval support hash:net,iface 7 skbinfo and wildcard support hash:net,iface 6 skbinfo support hash:net,iface 5 forceadd support hash:net,iface 4 comment support hash:net,iface 3 counters support hash:net,iface 2 /0 network support hash:net,iface 1 nomatch flag support hash:net,iface 0 Initial revision hash:net,port 8 bucketsize, initval support hash:net,port 7 skbinfo support hash:net,port 6 forceadd support hash:net,port 5 comment support hash:net,port 4 counters support hash:net,port 3 nomatch flag support hash:net,port 2 Add/del range support hash:net,port 1 SCTP and UDPLITE support hash:net,port,net 3 bucketsize, initval support hash:net,port,net 2 skbinfo support hash:net,port,net 1 forceadd support hash:net,port,net 0 initial revision hash:net,net 3 bucketsize, initval support hash:net,net 2 skbinfo support hash:net,net 1 forceadd support hash:net,net 0 initial revision hash:net 7 bucketsize, initval support hash:net 6 skbinfo support hash:net 5 forceadd support hash:net 4 comment support hash:net 3 counters support hash:net 2 nomatch flag support hash:net 1 Add/del range support hash:net 0 Initial revision hash:ip,port,net 8 bucketsize, initval support hash:ip,port,net 7 skbinfo support hash:ip,port,net 6 forceadd support hash:ip,port,net 5 comment support hash:ip,port,net 4 counters support hash:ip,port,net 3 nomatch flag support hash:ip,port,net 2 Add/del range support hash:ip,port,net 1 SCTP and UDPLITE support hash:ip,port,ip 6 bucketsize, initval support hash:ip,port,ip 5 skbinfo support hash:ip,port,ip 4 forceadd support hash:ip,port,ip 3 comment support hash:ip,port,ip 2 counters support hash:ip,port,ip 1 SCTP and UDPLITE support hash:ip,mark 3 bucketsize, initval support hash:ip,mark 2 skbinfo support hash:ip,mark 1 forceadd support hash:ip,mark 0 initial revision hash:ip,port 6 bucketsize, initval support hash:ip,port 5 skbinfo support hash:ip,port 4 forceadd support hash:ip,port 3 comment support hash:ip,port 2 counters support hash:ip,port 1 SCTP and UDPLITE support hash:ip 5 bucketsize, initval support hash:ip 4 skbinfo support hash:ip 3 forceadd support hash:ip 2 comment support hash:ip 1 counters support hash:ip 0 Initial revision bitmap:port 3 skbinfo support bitmap:port 2 comment support bitmap:port 1 counters support bitmap:port 0 Initial revision bitmap:ip,mac 3 skbinfo support bitmap:ip,mac 2 comment support bitmap:ip,mac 1 counters support bitmap:ip,mac 0 Initial revision bitmap:ip 3 skbinfo support bitmap:ip 2 comment support bitmap:ip 1 counters support bitmap:ip 0 Initial revision