====== ipset ======

[[http://ipset.netfilter.org|IP sets]] are a framework inside the Linux kernel that is administered with the ipset utility.

===== Overview =====

Supported set types:

  * list:set
  * hash:ip,port,net
  * hash:ip,port,ip
  * hash:ip,port
  * hash:net,iface
  * hash:net,port
  * hash:net
  * hash:ip
  * bitmap:port
  * bitmap:ip,mac
  * bitmap:ip

===== Usage =====

Remove (destroy) a set:

  ipset x [set-name]

Create a set:

  ipset create [set-name] hash:ip [hashsize 1024 timeout 600]

List the entries of a named set or of all sets:

  ipset list [set-name]

Flush a named set or all sets:

  ipset flush [set-name]

Test whether an entry exists in a set:

  ipset test [set-name] [entry]

===== Reference =====

  * https://workshop.netfilter.org/2013/wiki/images/a/ab/Jozsef_Kadlecsik_ipset-osd-public.pdf
  * http://bigsec.net/one/tool/ipset.html
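An added example (not part of the original page) for the create syntax shown under Usage: it validates a list of IPv4 addresses and prints a batch in the format read by ''ipset restore'', so a whole hash:ip set with a timeout can be loaded in one call. The set name ''blocklist'', the helper function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn an address list into an `ipset restore` batch.
# The create line uses the hash:ip / hashsize / timeout syntax from Usage.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_restore SET TIMEOUT: read addresses on stdin, print restore lines.
# The restore input is a command stream, so only validated literals are
# written to it; rejected entries are reported on stderr.
build_restore() {
    set_name=$1 timeout=$2
    printf 'create %s hash:ip hashsize 1024 timeout %s\n' "$set_name" "$timeout"
    while IFS= read -r line || [ -n "$line" ]; do
        addr=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')   # strip comment, blanks
        [ -n "$addr" ] || continue
        if is_ipv4 "$addr"; then
            printf 'add %s %s\n' "$set_name" "$addr"
        else
            printf 'skipped invalid entry: %s\n' "$addr" >&2
        fi
    done | LC_ALL=C sort -u           # drop duplicate entries
}

# Constructed sample feed (RFC 5737 documentation addresses).
sample_feed() {
    cat <<'EOF'
# constructed sample feed
192.0.2.10
198.51.100.7   # repeated offender
192.0.2.10
300.1.1.1
example.invalid
EOF
}

sample_feed | build_restore blocklist 600
```

To load the batch, pipe the output into ''ipset -exist restore'' as root; ''-exist'' lets the same batch be re-run when the set or an entry is already present.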