
ipset 2.2.8


Developer:   Jozsef Kadlecsik
Price:  0.00
License:   GPL (GNU General Public License)
File size:   26K


The ipset package is a framework inside the Linux 2.4.x and 2.6.x kernel, which can be administered by the ipset utility.

Depending on the type, an IP set may currently store IP addresses, (TCP/UDP) port numbers, or IP addresses with MAC addresses, in a way that ensures lightning speed when matching an entry against a set.

If you want to:

  • store multiple IP addresses or port numbers and match against the collection by iptables at one swoop
  • dynamically update iptables rules against IP addresses or ports without performance penalty
  • express complex IP address and port based rulesets with one single iptables rule and benefit from the speed of IP sets

then ipset may be the proper tool for you.

Here are some key features of "ipset":

  • ipmap: The ipmap set type uses a memory range, where each bit represents one IP address, and can store up to 65535 (B-class network) entries. You can also store network addresses of the same size in such a set; an IP address is then in the set if the network address it belongs to can be found in the set.
  • macipmap: The macipmap set type uses a memory range, where each 8 bytes represent one IP address and a MAC address. A macipmap set can store up to 65535 (B-class network) IP addresses with MAC.
  • portmap: The portmap set type uses a memory range, where each bit represents one port. A portmap set can store up to 65535 ports.
  • iphash: The iphash set type uses a hash to store IP addresses, where clashes are resolved by double-hashing and, as a last resort, by dynamically growing the hash. Network addresses of the same size can be stored in an iphash as well.
  • nethash: The nethash set type also uses a hash, to store CIDR netblocks, which may be of different sizes. The same technique is used to avoid clashes as in the iphash set type.
  • iptree: The iptree set type uses a tree to store IP addresses, optionally with timeout values.

    Bindings

    IP sets allow you to bind an entry in a set to another set, which forms a relationship between the set element and the set it is bound to. A set may also have a default binding, which is valid for every set element that has no binding of its own.

    The bindings have no special meaning at the set level. However, you can benefit from them when using the set match of iptables. The set match will follow the bindings and will return a true (matched) value only if the packet parameters match all bindings it found.

    Let's see an example:

    # ipmap set storing the IP addresses of two machines
    ipset -N servers ipmap --network 192.168.0.0/16
    ipset -A servers 192.168.0.1
    ipset -A servers 192.168.0.2

    # portmap set storing the allowed ports for 192.168.0.2
    ipset -N ports portmap --from 1 --to 1024
    ipset -A ports 21
    ipset -A ports 22
    ipset -A ports 25

    # Binding, which attaches ports to 192.168.0.2
    ipset -B servers 192.168.0.2 -b ports

    # iptables rule using the set match
    ...
    iptables -A FORWARD -m set --set servers dst,dst -j ACCEPT
    iptables -A FORWARD -j DROP

    Now, according to the iptables rules, sets and binding, the firewall will allow through packets destined to any port on 192.168.0.1, while for 192.168.0.2 only the ports 21, 22 and 25 will be reachable.
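The binding lookup described above can be checked against the page's sets with a small user-space model. This is an added example, not ipset's own code: `ToySet`, `set_match` and `forward_verdict` are hypothetical names, the source address is constructed, and stopping once the `dst,dst` flags run out is an assumption about the kernel's behaviour.

```python
class ToySet:
    """Stand-in for one IP set: its members plus per-element bindings."""
    def __init__(self, name, kind, members):
        self.name = name
        self.kind = kind                # "ip" or "port": packet field this set tests
        self.members = set(members)
        self.bindings = {}              # element -> ToySet, as created by `ipset -B`
        self.default_binding = None     # applies to elements with no binding of their own

def set_match(start, flags, packet):
    """Model of `-m set --set NAME flag,flag`: one src/dst flag per set visited."""
    current = start
    for flag in flags:
        element = packet[f"{flag}_{current.kind}"]
        if element not in current.members:
            return False                # a set on the binding chain does not match
        current = current.bindings.get(element, current.default_binding)
        if current is None:
            return True                 # no binding found: nothing more to satisfy
    return True                         # assumption: stop following once flags run out

def forward_verdict(servers, dst_ip, dst_port):
    """The page's two FORWARD rules: ACCEPT on set match, otherwise DROP."""
    packet = {"src_ip": "10.0.0.9", "src_port": 40000,   # constructed sample source
              "dst_ip": dst_ip, "dst_port": dst_port}
    return "ACCEPT" if set_match(servers, ["dst", "dst"], packet) else "DROP"

def build_page_example():
    """The sets and the binding from the page's ipset commands."""
    servers = ToySet("servers", "ip", {"192.168.0.1", "192.168.0.2"})
    ports = ToySet("ports", "port", {21, 22, 25})
    servers.bindings["192.168.0.2"] = ports
    return servers, ports

if __name__ == "__main__":
    servers, ports = build_page_example()
    for ip, port in [("192.168.0.1", 80), ("192.168.0.2", 22),
                     ("192.168.0.2", 80), ("192.168.0.3", 22)]:
        print(ip, port, forward_verdict(servers, ip, port))
    servers.default_binding = ports     # now 192.168.0.1 is port-restricted too
    print("192.168.0.1", 80, forward_verdict(servers, "192.168.0.1", 80))
```

The last call shows why a default binding matters when auditing a ruleset: once one is set, elements without their own binding stop being open on every port.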

    Download ipset 2.2.8


     ftp://ftp.netfilter.org/pub/ipset/ipset-2.2.8-20051203.tar.bz2

