ipset 2.2.8
Sponsored Links
ipset 2.2.8 Ranking & Summary
File size:
0.026 MB
Platform:
Any Platform
License:
GPL (GNU General Public License)
Price:
Downloads:
1365
Date added:
2006-02-09
Publisher:
Jozsef Kadlecsik
ipset 2.2.8 description
ipset pakcage is a framework inside the Linux 2.4.x and 2.6.x kernel, which can be administered by the ipset utility.
Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set.
If you want to:
store multiple IP addresses or port numbers and match against the collection by iptables at one swoop
dynamically update iptables rules against IP addresses or ports without performance penalty
express complex IP address and ports based rulesets with one single iptables rule and benefit from the speed of IP sets
then ipset may be the proper tool for you.
Main features:
ipmap
- The ipmap set type uses a memory range, where each bit represents one IP address and can store up to 65535 (B-class network) entries. You can store same size network addresses in an ipset as well and an IP address will be in the set if the network address it belongs to can be found in the set.
macipmap
- The macipmap set type uses a memory range, where each 8 bytes represents one IP and a MAC addresses. A macipmap set type can store up to 65535 (B-class network) IP addresses with MAC.
portmap
- The portmap set type uses a memory range, where each bit represents one port. A portmap type of set can store up to 65535 ports.
iphash
- The iphash set type uses a hash to store IP addresses where clashing is resolved by double-hashing and, as a last resort, by dynamically growing the hash. Same size network addresses can be stored in an iphash as well.
nethash
- The nethash set type also uses a hash to store CIDR netblocks, which may be of different sizes. The same techique is used to avoid clashes as at the iphash set type.
iptree
- The iptree set type uses a tree to store IP addresses, optionally with timeout values.
Bindings
IP sets allows you to bind an entry in a set to another set, which forms a relationship between the set element and the set it is bound to. The sets may have a default binding, which is valid for every set element for which there is no binding defined at all.
The bindings have no special meaning at the set level. However, you can benefit from them when using the set match of iptables. The set match will follow the bindings and will return a true (matched) value only if the packet parameters match all bindings it found.
Lets see an example:
# ipmap set storing the IP addresses of two machines
ipset -N servers ipmap --network 192.168.0.0/16
ipset -A servers 192.168.0.1
ipset -A servers 192.168.0.2
# portmap set storing the allowed ports for 192.168.0.2
ipset -N ports portmap --from 1 --to 1024
ipset -A ports 21
ipset -A ports 22
ipset -A ports 25
# Binding, which attaches ports to 192.168.0.2
ipset -B servers 192.168.0.2 -b ports
# iptables rule using the set match
...
iptables -A FORWARD -m set --set servers dst,dst -j ACCEPT
iptables -A FORWARD -j DROP
Now according to the iptables rules, sets and binding, the firewall will allow trough packets destined to any port on 192.168.0.1, while for 192.168.0.2 only the ports 21, 22 and 25 will be reachable.
Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set.
If you want to:
store multiple IP addresses or port numbers and match against the collection by iptables at one swoop
dynamically update iptables rules against IP addresses or ports without performance penalty
express complex IP address and ports based rulesets with one single iptables rule and benefit from the speed of IP sets
then ipset may be the proper tool for you.
Main features:
ipmap
- The ipmap set type uses a memory range, where each bit represents one IP address and can store up to 65535 (B-class network) entries. You can store same size network addresses in an ipset as well and an IP address will be in the set if the network address it belongs to can be found in the set.
macipmap
- The macipmap set type uses a memory range, where each 8 bytes represents one IP and a MAC addresses. A macipmap set type can store up to 65535 (B-class network) IP addresses with MAC.
portmap
- The portmap set type uses a memory range, where each bit represents one port. A portmap type of set can store up to 65535 ports.
iphash
- The iphash set type uses a hash to store IP addresses where clashing is resolved by double-hashing and, as a last resort, by dynamically growing the hash. Same size network addresses can be stored in an iphash as well.
nethash
- The nethash set type also uses a hash to store CIDR netblocks, which may be of different sizes. The same techique is used to avoid clashes as at the iphash set type.
iptree
- The iptree set type uses a tree to store IP addresses, optionally with timeout values.
Bindings
IP sets allows you to bind an entry in a set to another set, which forms a relationship between the set element and the set it is bound to. The sets may have a default binding, which is valid for every set element for which there is no binding defined at all.
The bindings have no special meaning at the set level. However, you can benefit from them when using the set match of iptables. The set match will follow the bindings and will return a true (matched) value only if the packet parameters match all bindings it found.
Lets see an example:
# ipmap set storing the IP addresses of two machines
ipset -N servers ipmap --network 192.168.0.0/16
ipset -A servers 192.168.0.1
ipset -A servers 192.168.0.2
# portmap set storing the allowed ports for 192.168.0.2
ipset -N ports portmap --from 1 --to 1024
ipset -A ports 21
ipset -A ports 22
ipset -A ports 25
# Binding, which attaches ports to 192.168.0.2
ipset -B servers 192.168.0.2 -b ports
# iptables rule using the set match
...
iptables -A FORWARD -m set --set servers dst,dst -j ACCEPT
iptables -A FORWARD -j DROP
Now according to the iptables rules, sets and binding, the firewall will allow trough packets destined to any port on 192.168.0.1, while for 192.168.0.2 only the ports 21, 22 and 25 will be reachable.
ipset 2.2.8 Screenshot
ipset 2.2.8 Keywords
IP
Linux 2.4.x
Store IP Addresses
IP addresses
set type
can be
ipset
addresses
type
ports
store
Iptables
ipset 2.2.8
Libraries
Programming
Bookmark ipset 2.2.8
ipset 2.2.8 Copyright
WareSeeker periodically updates pricing and software information of ipset 2.2.8 full version from the publisher, so some information may be slightly out-of-date. You should confirm all information before relying on it. Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future development of ipset 2.2.8 Edition. Download links are directly from our publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
Featured Software
Want to place your software product here?
Please contact us for consideration.
Contact WareSeeker.com
Related Information
ip address
tracking ip addresses
ip addresses connected to my computer
find ip addresses
youtube ip addresses
private ip addresses
trace ip addresses
tracing ip addresses
track ip addresses
storehouse
portsmouth new hampshire
addresses of people
search ip addresses
portsmouth
email addresses
ipsetech
target stores
addresses white pages
Related Software
iptables is a Linux kernel packet control tool. Free Download
Sopeq is a stealth ingress and egress filtering firewall for IPTables with an easy to configure rules file. Free Download
IP::Country is a tool for fast lookup of country codes from IP addresses. Free Download
Ipanto Lite is a powerful IP address management (IPAM) tool. Free Download
v9fs is a 9P2000 resource-sharing protocol implementation for Linux 2.6. Free Download
Jumper is a small program for the search and analysis of hosts. Free Download
ipsort script sorts a STDIN of IP addresses to STDOUT. Free Download
mp_doccer is a tool that travels C code files. Free Download
Latest Software
Popular Software
Favourite Software
