ipset | administration tool for kernel IP sets | Mehr ...
IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel which can be administered by the ipset(8) utility. Depending on the type, an IP set may store IPv4 addresses, TCP/UDP port numbers, or IPv4 addresses with MAC addresses in a way which ensures lightning speed when matching an entry against a set. . If you want to . * store multiple IPv4 addresses or port numbers and match against the entire collection using a single iptables rule; . * dynamically update iptables rules against IPv4 addresses or ports without performance penalty; . * express complex IPv4 address and ports based rulesets with a single iptables rule and benefit from the speed of IP sets; . then IP sets may be the proper tool for you. . Note: the ipset(8) utility is the userspace counterpart to kernel functionality which requires patches from the patch-o-matic-ng project applied to the kernel.