From 52815a09ea1bc0dd8f54629230935c71c06df1c9 Mon Sep 17 00:00:00 2001 From: Michal Bialozor Date: Fri, 2 Sep 2011 08:20:04 -0300 Subject: network/ipset: Added (administration tool for IP sets) Signed-off-by: Niels Horn --- network/ipset/README | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 network/ipset/README (limited to 'network/ipset/README') diff --git a/network/ipset/README b/network/ipset/README new file mode 100644 index 0000000000..4451015581 --- /dev/null +++ b/network/ipset/README @@ -0,0 +1,21 @@ +IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel, +which can be administered by the ipset utility. Depending on the type, +currently an IP set may store IP addresses, (TCP/UDP) port numbers +or IP addresses with MAC addresses in a way, which ensures lightning +speed when matching an entry against a set. + +If you want to: + +* store multiple IP addresses or port numbers and match against + the collection by iptables at one swoop; +* dynamically update iptables rules against IP addresses or ports + without performance penalty; +* express complex IP address and ports based rulesets with one + single iptables rule and benefit from the speed of IP sets + +then ipset may be the proper tool for you. + +IP sets was written by Jozsef Kadlecsik and it is based on ippool +by Joakim Axelsson, Patrick Schaaf and Martin Josefsson. + +This requires kernel-source. -- cgit v1.2.3