Linux command
ipset command
Network
After copying, replace file names, directories, or parameters as needed.
Common examples
Create
ipset create [set_name] hash:ip
Add
ipset add [set_name] [192.168.1.25]
Delete
ipset del [set_name] [192.168.1.25]
Destroy
ipset destroy [set_name]
Save
ipset save [set_name] > [path/to/ip_set]
List
ipset list
Test
ipset test [set_name] [192.168.1.25]
Restore
ipset restore < [path/to/ip_set]
Description
ipset creates and manages IP sets, a framework for storing IP addresses, networks, ports, and combinations thereof. Sets can be referenced in iptables/nftables rules for efficient matching against large lists. Different set types support different entry formats: hash:ip for individual addresses, hash:net for CIDR ranges, hash:ip,port for address-port combinations. Sets use hash tables for O(1) lookup performance.
Parameters
- create _NAME_ _TYPE_: Create a new IP set (types: hash:ip, hash:net, hash:ip,port, etc.)
- add _NAME_ _ENTRY_: Add entry to a set
- del _NAME_ _ENTRY_: Remove entry from a set
- destroy _NAME_: Delete a set
- list _NAME_: List set contents
- save _NAME_: Output sets in restorable format
- restore: Restore sets from saved output
- test _NAME_ _ENTRY_: Test if an entry is in a set
- flush _NAME_: Clear all entries from a set
- -exist: Ignore errors when adding already existing entries or deleting non-existing entries
- -quiet: Suppress output
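The restore and -exist entries above combine into a common defensive workflow: validate an address feed, then load it in one pass. The script below is an added example, not part of the original page; the set name `blocklist`, the function names, and the feed lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn an address feed into input for `ipset restore`.
# The set name "blocklist" and the feed lines are constructed sample values.

# valid_ipv4_entry ENTRY: succeeds for a.b.c.d or a.b.c.d/1..32 only.
valid_ipv4_entry() {
    entry=$1
    addr=${entry%%/*}
    if [ "$addr" != "$entry" ]; then
        prefix=${entry#*/}
        case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
        # /0 is refused: one feed line must never cover all of IPv4.
        [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    fi
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# feed_to_restore SET_NAME: feed on stdin, restore commands on stdout,
# rejected lines reported on stderr. hash:net accepts both single
# addresses and CIDR ranges, so one set covers both entry formats.
feed_to_restore() {
    set_name=$1
    printf 'create %s hash:net\n' "$set_name"
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')  # drop comments, blanks
        [ -n "$line" ] || continue
        if valid_ipv4_entry "$line"; then
            printf 'add %s %s\n' "$set_name" "$line"
        else
            printf 'skipped invalid entry: %s\n' "$line" >&2
        fi
    done | LC_ALL=C sort -u   # duplicates would otherwise fail the restore
}

sample_feed() {   # constructed feed using documentation address ranges
    printf '%s\n' '# sample feed' '192.0.2.0/24' '198.51.100.7  # host' \
        '198.51.100.7' '300.1.1.1' '10.0.0.0/33' '0.0.0.0/0' 'example.com'
}

# Print the restore input; on a real host pipe it into: ipset -exist restore
sample_feed | feed_to_restore blocklist
```

With -exist on the restore command, re-running the load against a set that already exists does not abort on the create line or on entries that are already present.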
FAQ
How do I run a basic ipset example?
Run `ipset create [set_name] hash:ip` in a terminal, then adjust file names, paths, flags, or remote targets for your system.