IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel, which can be
administered by the ipset utility. Depending on the type, currently an IP set
may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC
addresses in a way, which ensures lightning speed when matching an entry
against a set.
If you want to:
- store multiple IP addresses or port numbers and match against the collection
by iptables at one swoop;
- dynamically update iptables rules against IP addresses or ports without
- express complex IP address and ports based rulesets with one single iptables
rule and benefit from the speed of IP sets
then ipset may be the proper tool for you.