summaryrefslogtreecommitdiff
path: root/network/ipset/README
diff options
context:
space:
mode:
Diffstat (limited to 'network/ipset/README')
-rw-r--r--network/ipset/README21
1 files changed, 21 insertions, 0 deletions
diff --git a/network/ipset/README b/network/ipset/README
new file mode 100644
index 0000000000..4451015581
--- /dev/null
+++ b/network/ipset/README
@@ -0,0 +1,21 @@
+IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel,
+which can be administered by the ipset utility. Depending on the type,
+currently an IP set may store IP addresses, (TCP/UDP) port numbers
+or IP addresses with MAC addresses in a way, which ensures lightning
+speed when matching an entry against a set.
+
+If you want to:
+
+* store multiple IP addresses or port numbers and match against
+ the collection by iptables at one swoop;
+* dynamically update iptables rules against IP addresses or ports
+ without performance penalty;
+* express complex IP address and ports based rulesets with one
+ single iptables rule and benefit from the speed of IP sets
+
+then ipset may be the proper tool for you.
+
+IP sets was written by Jozsef Kadlecsik and it is based on ippool
+by Joakim Axelsson, Patrick Schaaf and Martin Josefsson.
+
+This requires kernel-source.