Tutorial: "Ipset - a tool for faster, more efficient firewalling with iptables" (Jozsef Kadlecsik)


Building a firewall with netfilter/iptables is an easy task: there are countless extensions and only imagination limits us. In practice, however, the goal is to build a fast and efficient firewall, usually with a large number of rules, and that is not such a trivial task. ipset helps in that case: most of the rules can be collapsed into fast matches in sets. In this tutorial ipset will be explained in detail, both the features with which efficient firewalls can be built and the internals which provide the fast evaluation.
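The following Python example is added here and is not taken from the tutorial; it illustrates what collapsing rules into sets means by rewriting runs of per-source iptables rules as one `hash:net` set plus a single `-m set --match-set` rule. The function name `collapse`, the set names `collapsed<N>` and the sample rules are assumptions constructed for illustration; it handles IPv4 only and merges only consecutive rules of the same chain, so first-match rule order is preserved.

```python
import ipaddress

# Constructed sample in iptables-save syntax (documentation address ranges).
SAMPLE_RULES = """\
-A INPUT -s 192.0.2.10/32 -j DROP
-A INPUT -s 192.0.2.11/32 -j DROP
-A INPUT -s 198.51.100.0/24 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.7/32 -j DROP
"""

def collapse(rules_text, set_prefix="collapsed"):
    """Merge consecutive same-chain rules that differ only in '-s ADDR'.
    Returns (ipset restore lines, iptables rule lines); IPv4 only."""
    sets, rules = [], []
    run = None  # current run: (chain, rest of rule, [networks])
    def flush():
        nonlocal run
        if run is None:
            return
        chain, rest, nets = run
        if len(nets) == 1:  # a one-member set gains nothing
            rules.append(f"-A {chain} -s {nets[0]} {rest}")
        else:
            name = f"{set_prefix}{sum(s.startswith('create ') for s in sets)}"
            sets.append(f"create {name} hash:net family inet")
            sets.extend(f"add {name} {n}" for n in nets)
            rules.append(f"-A {chain} -m set --match-set {name} src {rest}")
        run = None

    for line in rules_text.splitlines():
        tok = line.split()
        net = None
        if len(tok) > 4 and tok[0] == "-A" and tok[2] == "-s":
            try:
                net = str(ipaddress.IPv4Network(tok[3], strict=False))
            except ValueError:
                pass  # IPv6 or malformed: leave the rule untouched
        if net is None:
            flush()
            if tok:
                rules.append(line.strip())
        elif run and run[:2] == (tok[1], " ".join(tok[4:])):
            run[2].append(net)
        else:
            flush()
            run = (tok[1], " ".join(tok[4:]), [net])
    flush()
    return sets, rules
```

The first list is in the format read by `ipset restore`; the sets must be loaded before the rewritten rules, because iptables rejects a rule that references a set which does not exist.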