Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
2.8.9.5.2. ipset Commands
The format of the ipset command is as follows:
Copy to Clipboard
Copied!
Toggle word wrap
Toggle overflow
Where command is one of:
Copy to Clipboard
Copied!
Toggle word wrap
Toggle overflow
Allowed options are:
Copy to Clipboard
Copied!
Toggle word wrap
Toggle overflow
ipset [options] command [command-options]
ipset [options] command [command-options][options] command [command-options][options] command [command-options][options] command [command-options][options] command [command-options]create | add | del | test | destroy | list | save | restore | flush | rename | swap | help | version | -
create | add | del | test | destroy | list | save | restore | flush | rename | swap | help | version | - -exist | -output [ plain | save | xml ] | -quiet | -resolve | -sorted | -name | -terse
-exist | -output [ plain | save | xml ] | -quiet | -resolve | -sorted | -name | -terse
The
create command is used to create a new data structure to store a set of IP data. The add command adds new data to the set, the data added is referred to as an element of the set.
The
-exist option suppresses error message if the element already exists, and it has a special role in updating a time out value. To change a time out, use the ipset add command and specify all the data for the element again, changing only the time out value as required, and using the -exist option.
The
test option is for testing if the element already exists within a set.
The format of the
Copy to Clipboard
Copied!
Toggle word wrap
Toggle overflow
The set-name is a suitable name chosen by the user, the type-name is the name of the data structure used to store the data comprising the set. The format of the type-name is as follows:
Copy to Clipboard
Copied!
Toggle word wrap
Toggle overflow
The allowed methods for storing data are:
Copy to Clipboard
Copied!
Toggle word wrap
Toggle overflow
The allowed data types are:
Copy to Clipboard
Copied!
Toggle word wrap
Toggle overflow
When adding, deleting, or testing entries in a set, the same comma separated data syntax must be used for the data that makes up one entry, or element, in the set. For example:
Copy to Clipboard
Copied!
Toggle word wrap
Toggle overflow
create command is as follows: ipset create set-name type-name [create-options]
ipset create set-name type-name [create-options]set-name type-name [create-options]set-name type-name [create-options]method:datatype[,datatype[,datatype]]
method:datatype[,datatype[,datatype],datatype[,datatype],datatype[,datatype]]bitmap | hash | list
bitmap | hash | list ip | net | mac | port | iface
ip | net | mac | port | iface ipset add set-name ipaddr,portnum,ipaddr
ipset add set-name ipaddr,portnum,ipaddrNote
A set cannot contain
IPv4 and IPv6 addresses at the same time. When a set is created it is bound to a family, inet for IPv4 or inet6 for IPv6, and the default is inet.
Example 2.3. Create an IP Set
To create an IP set consisting of a source IP address, a port, and destination IP address, issue a command as follows:
Copy to Clipboard
Copied!
Toggle word wrap
Toggle overflow
Once the set is created, entries can be added as follows:
Copy to Clipboard
Copied!
Toggle word wrap
Toggle overflow
ipset create my-set hash:ip,port,ip
~]# ipset create my-set hash:ip,port,ipipset add my-set 192.168.1.2,80,192.168.2.2 ipset add my-set 192.168.1.2,443,192.168.2.2
~]# ipset add my-set 192.168.1.2,80,192.168.2.2
~]# ipset add my-set 192.168.1.2,443,192.168.2.2
The set types have the following optional parameters in common. They must be specified when the set is created in order for them to be used:
timeout— The value given with thecreatecommand will be the default value for the set created. If a value is given with theaddcommand, it will be the initial non-default value for the element.
Example 2.4. List an IP Set
To list the contents of a specific IP Set,
my-set, issue a command as follows:
Omit the set name to list all sets.
Example 2.5. Test the Elements of an IP Set
Listing the contents of large sets is time consuming. You can test for the existence of an element as follows:
Copy to Clipboard
Copied!
Toggle word wrap
Toggle overflow
ipset test my-set 192.168.1.2,80,192.168.2.2
~]# ipset test my-set 192.168.1.2,80,192.168.2.2
192.168.1.2,tcp:80,192.168.2.2 is in set my-set.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}