linux: ipset命令

一，ipset命令功能:

1, ipset是一个用于管理IP地址集合的工具，主要用于‌Linux系统中高效处理大量IP地址。
它提供了创建、添加、删除、查询和测试集合的操作

 

2,查看ipset的文件路径:

[lhdop@blog ~]$ whereis ipset
ipset: /usr/sbin/ipset /usr/share/man/man8/ipset.8.gz 

查看所属的rpm包:

[lhdop@blog ~]$ rpm -qf /usr/sbin/ipset
ipset-7.1-1.el8.x86_64

二，例子:

1,查看所有集合

[root@blog ~]# ipset list
Name: attackssh
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 168
References: 0
Number of entries: 1
Members:
13.57.13.15

2,查看指定集合:

[root@blog ~]# ipset list attackssh
Name: attackssh
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 168
References: 0
Number of entries: 1
Members:
13.57.13.15

 3,创建集合:

[root@blog ~]# ipset create myset hash:ip

查看列表:

[root@blog ~]# ipset list myset
Name: myset
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 120
References: 0
Number of entries: 0
Members:

4,在集合中添加ip

[root@blog ~]# ipset add myset 192.168.1.100

查看列表:

[root@blog ~]# ipset list myset
Name: myset
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 168
References: 0
Number of entries: 1
Members:
192.168.1.100

5,判断某个ip是否在指定的集合中

[root@blog ~]# ipset test myset 192.168.1.100
Warning: 192.168.1.100 is in set myset.

6,从集合中删除ip 

[root@blog ~]# ipset del myset 192.168.1.100

查看集合成员:

[root@blog ~]# ipset list myset
Name: myset
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 120
References: 0
Number of entries: 0
Members:

7,删除集合本身:

[root@blog ~]# ipset destroy myset

再次查看时集合已不存在

[root@blog ~]# ipset list myset
ipset v7.1: The set with the given name does not exist

 三，查看ipset的版本:

[root@blog ~]# ipset --version
ipset v7.1, protocol version: 7
Warning: Kernel support protocol versions 6-6 while userspace supports protocol versions 6-7