IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel, which can be administered by theipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set.
refer to http://ipset.netfilter.org/;
ipset是高效管理 ip地址/端口/mac地址 的模块,一般用于辅助提高iptables的性能;
例如,
ipset -N testset iphash
ipset -A testset 192.168.1.1
ipset -A testset 192.168.2.2
iptables -A INPUT -m set –set testset src -j DROP
转载请注明:爱开源 » ipset辅助提高iptables性能