IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility.

Supported set types:

• list:set
• hash:ip,port,net
• hash:ip,port,net
• hash:ip,port,net
• hash:ip,port,ip
• hash:ip,port
• hash:net,iface
• hash:net,iface
• hash:net,port
• hash:net,port
• hash:net,port
• hash:net
• hash:net
• hash:net
• hash:ip
• bitmap:port
• bitmap:ip,mac
• bitmap:ip

Remove set:

ipset x [set-name]

create set:

ipset create [set-name] hash:ip [hashsize 1024 timeout 600]

List the entries of a named set or all sets:

ipset list [set-name]

Flush a named set or all sets:

ipset flush [set-name]

Test a entry exist:

ipset test [set-name] [entry]

• https://workshop.netfilter.org/2013/wiki/images/a/ab/Jozsef_Kadlecsik_ipset-osd-public.pdf
• http://bigsec.net/one/tool/ipset.html