linux: ipset命令
一,ipset命令功能:
1, ipset是一个用于管理IP地址集合的工具,主要用于Linux系统中高效处理大量IP地址。
它提供了创建、添加、删除、查询和测试集合的操作
它提供了创建、添加、删除、查询和测试集合的操作
2,查看ipset的文件路径:
[lhdop@blog ~]$ whereis ipset
ipset: /usr/sbin/ipset /usr/share/man/man8/ipset.8.gz 查看所属的rpm包:
[lhdop@blog ~]$ rpm -qf /usr/sbin/ipset
ipset-7.1-1.el8.x86_64二,例子:
1,查看所有集合
[root@blog ~]# ipset list
Name: attackssh
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 168
References: 0
Number of entries: 1
Members:
13.57.13.152,查看指定集合:
[root@blog ~]# ipset list attackssh
Name: attackssh
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 168
References: 0
Number of entries: 1
Members:
13.57.13.153,创建集合:
[root@blog ~]# ipset create myset hash:ip查看列表:
[root@blog ~]# ipset list myset
Name: myset
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 120
References: 0
Number of entries: 0
Members:4,在集合中添加ip
[root@blog ~]# ipset add myset 192.168.1.100查看列表:
[root@blog ~]# ipset list myset
Name: myset
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 168
References: 0
Number of entries: 1
Members:
192.168.1.1005,判断某个ip是否在指定的集合中
[root@blog ~]# ipset test myset 192.168.1.100
Warning: 192.168.1.100 is in set myset.6,从集合中删除ip
[root@blog ~]# ipset del myset 192.168.1.100查看集合成员:
[root@blog ~]# ipset list myset
Name: myset
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 120
References: 0
Number of entries: 0
Members:7,删除集合本身:
[root@blog ~]# ipset destroy myset再次查看时集合已不存在
[root@blog ~]# ipset list myset
ipset v7.1: The set with the given name does not exist三,查看ipset的版本:
[root@blog ~]# ipset --version
ipset v7.1, protocol version: 7
Warning: Kernel support protocol versions 6-6 while userspace supports protocol versions 6-7
