LinuxCommandLibrary

ipset

Creates and manages IP sets, a framework for storing IP addresses, networks, ports, and combinations thereof

TLDR

Create an empty IP set

$ ipset create [set_name] hash:ip
Add an IP address to a set
$ ipset add [set_name] [192.168.1.25]
Delete an IP address from a set
$ ipset del [set_name] [192.168.1.25]
Destroy an IP set
$ ipset destroy [set_name]
Save an IP set to file
$ ipset save [set_name] > [path/to/ip_set]
List all IP sets
$ ipset list

SYNOPSIS

ipset command [options]

DESCRIPTION

ipset creates and manages IP sets, a framework for storing IP addresses, networks, ports, and combinations thereof. Sets can be referenced in iptables/nftables rules for efficient matching against large lists.
Different set types support different entry formats: hash:ip for individual addresses, hash:net for CIDR ranges, hash:ip,port for address-port combinations. Sets use hash tables for O(1) lookup performance.

PARAMETERS

create NAME TYPE

Create a new IP set (types: hash:ip, hash:net, hash:ip,port, etc.)
add NAME ENTRY
Add entry to a set
del NAME ENTRY
Remove entry from a set
destroy NAME
Delete a set
list [NAME]
List set contents
save [NAME]
Output sets in restorable format
restore
Restore sets from saved output
flush [NAME]
Clear all entries from a set

CAVEATS

Requires root privileges. Sets must be created before they can be referenced in firewall rules. Set contents are not persistent across reboots without explicit save/restore.
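
Because sets do not survive a reboot, blocklists are usually kept as a file and reloaded with restore. The script below is an added example, not part of the original page: it validates a plain-text list of IPv4 addresses and CIDR ranges and prints the create/add lines that ipset restore reads. The set name blocklist, the function names and the sample feed are assumptions made for illustration.

```shell
# Added example: turn a plain-text blocklist into `ipset restore` input.
# The set name "blocklist" and the sample feed are constructed.

# Succeed if $1 is an IPv4 address, optionally with a /1-32 prefix
# (hash:net cannot store a zero-length prefix).
valid_entry() {
    case $1 in
        */*) addr=${1%/*}; prefix=${1##*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read entries on stdin, print restore-format lines for set $1.
# Comments, blanks and duplicates are dropped; bad entries go to stderr.
build_restore() {
    set_name=$1
    echo "create $set_name hash:net"
    awk '{ sub(/#.*/, "") } NF && !seen[$1]++ { print $1 }' |
    while read -r entry; do
        if valid_entry "$entry"; then
            echo "add $set_name $entry"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done
}

sample_feed() {
    cat <<'EOF'
# constructed sample (RFC 5737 documentation addresses)
192.0.2.10
198.51.100.0/24   # whole range
192.0.2.10
203.0.113.999
198.51.100.0/0
EOF
}

# Print the file; load it as root with: ipset -exist restore < file
sample_feed | build_restore blocklist
```

Rejecting malformed lines before loading matters because restore stops at the first line it cannot parse, which can leave the set only partly populated.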

HISTORY

ipset was developed by Jozsef Kadlecsik to provide efficient set-based matching for the Linux firewall. It became part of the standard Linux networking toolkit and is widely used for implementing blocklists and allowlists.

SEE ALSO

iptables(8), nft(8), firewalld(1)
