ipset类型介绍

ipset是什么

    IPset是Linux内核中的一个框架，可以由ipset实用程序管理。根据类型的不同，IP集可以以某种方式存储IP地址、网络、(TCP/UDP)端口号、MAC地址、接口名或它们的组合，这确保了在与集匹配条目时的闪电速度。

 

ipset能做什么

存储多个IP地址或端口号，并与iptables的集合一次性匹配;

根据IP地址或端口动态更新iptables规则，而不会影响性能;

使用一个iptables规则表示复杂的基于IP地址和端口的规则集，并受益于IPset的速度

 

ipset类型有哪些

1）bitmap:ip 

The bitmap:ip set type uses a memory range, where each bit represents one IP address and can store up to 65535 (B-class network) entries. You can store same size network addresses in this kind of sets as well and an IP address will be in the set if the network address it belongs to can be found in the set.

意思是：使用bitmap这种类型的存储类型存储ip，这些ip存储在内存中，每一个位代表了一个ip地址，它可以存储65535条记录

 

2）bitmap:ip,mac

The bitmap:ip,mac set type uses a memory range, where each 8 bytes represents one IP and a MAC addresses. A bitmap:ip,mac set type can store up to 65535 (B-class network) IP addresses with MAC

意思是：使用bitmap这种类型的存储类型存储ip和mac地址，这些信息存储在内存中，每8字节代表一个ip和mac地址

 

3）bitmap:port

The bitmap:port set type uses a memory range, where each bit represents one TCP/UDP port. A bitmap:port type of set can store up to 65535 ports.

意思是：使用bitmap这种类型的存储类型存储端口，这些端口信息存储在内存中，每一个位代表一个tcp或udp端口

 

4）hash:ip

The hash:ip set type uses a hash to store IP addresses where clashing is resolved by storing the clashing elements in an array and, as a last resort, by dynamically growing the hash. Same size network addresses can be stored in an hash:ip type of set as well.

意思是：使用hash这种类型的存储类型存储ip，通过将冲突元素存储在数组中来解决冲突，最后通过动态增长hash来解决冲突；相同的大小的网络地址也可以存储在hash:ip类型的集合中

 

5）hash:net

The hash:net set type also uses a hash to store CIDR netblocks, which may be of different sizes. The same techique is used to avoid clashes as at the hash:ip set type

意思是：使用hash这种类型的存储存储CIDR的net，这个地方可能会有不同的大小，使用这个技术可以避免和hash:ip集合类型的冲突

 

6）hash:ip,port

The hash:ip,port is similar to hash:ip but you can store IP address and protocol-port pairs in it. TCP, SCTP, UDP, UDPLITE, ICMP and ICMPv6 are supported with port numbers/ICMP(v6) types and other protocol numbers without port information.

意思是：使用hash这种类型的存储存储ip和端口类似于hash:ip，但是你可以存储ip和端口对在里面

 

7）hash:ip,port,ip

You can store IP address, port number, and IP address triples in an hash:ip,port,ip type of set.

意思是：你可以存储ip地址、端口、ip三元组在集合中

 

8）hash:ip,port,net

You can store IP address, port number and network address triples in this kind of set.

意思是：你可以存储ip地址、端口、网段三元组在集合中

 

9）hash:net,port

The set type supports to store network address and port number pairs.

意思是：你可以存储网段、端口对

 

10）hash:net,iface

In this kind of set one can store network address and interface name pairs.

意思是：你可以存储网段、接口对

 

11）list:set

In a list:set kind of set you can store other sets; it is like an ordered union of different sets.

在一个列表中:集合种类集合你可以存储其他集合；这就像不同集合的有序联合。