IP sets are a framework inside the Linux kernel since version 2.4.x, which can
be administered by the ipset utility. Depending on the type, currently an IP
set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC
addresses in a way, which ensures lightning speed when matching an entry
against a set.
If you want to:
- store multiple IP addresses or port numbers and match against the collection
by iptables at one swoop;
- dynamically update iptables rules against IP addresses or ports without
performance penalty;
- express complex IP address and ports based rulesets with one single iptables
rule and benefit from the speed of IP sets
then ipset may be the proper tool for you.
* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 7.1-1
- Rebuilt for MSVSphere 8.8
* Sun May 26 2019 Stefano Brivio <sbrivio@redhat.com> - 7.1-1
- Rebase to 7.1 (RHBZ#1649090):
- Add compatibility support for strscpy()
- Correct the manpage about the sort option
- Add missing functions to libipset.map
- configure.ac: Fix build regression on RHEL/CentOS/SL (Serhey Popovych)
- Implement sorting for hash types in the ipset tool
- Fix to list/save into file specified by option (reported by Isaac Good)
- Introduction of new commands and protocol version 7, updated kernel include files
- Add compatibility support for async in pernet_operations
- Use more robust awk patterns to check for backward compatibility
- Prepare the ipset tool to handle multiple protocol version
- Fix warning message handlin
- Correct to test null valued entry in hash:net6,port,net6 test
- Library reworked to support embedding ipset completely
- Add compatibility to support kvcalloc()
- Validate string type attributes in attr2data() (Stefano Brivio)
- manpage: Add comment about matching on destination MAC address (Stefano Brivio)
(RHBZ#1649079)
- Add compatibility to support is_zero_ether_addr()
- Fix use-after-free in ipset_parse_name_compat() (Stefano Brivio) (RHBZ#1649085)
- Fix leak in build_argv() on line parsing error (Stefano Brivio) (RHBZ#1649085)
- Simplify return statement in ipset_mnl_query() (Stefano Brivio) (RHBZ#1649085)
- tests/check_klog.sh: Try dmesg too, don't let shell terminate script (Stefano Brivio)
- Fixes:
- Fix all shellcheck warnings in init script (RHBZ#1649085)
- Make error reporting consistent, introduce different severities (RHBZ#1683711)
- While restoring, on invalid entries, remove them and retry (RHBZ#1683713)
- Fix covscan SC2166 warning in init script (RHBZ#1649085)
* Tue Nov 13 2018 Stefano Brivio <sbrivio@redhat.com> - 6.38-3
- Fix loading of sets with dependencies on other sets (RHBZ#1647096), and
hardcode 6.38-1.el7 for ipset-service upgrade and downgrade triggers, so that
we don't run into issues with z-stream updates
* Mon Oct 08 2018 Stefano Brivio <sbrivio@redhat.com> - 6.38-2
- Drop ipset-devel dependency on kernel-devel (RHBZ#163175)
* Tue Aug 14 2018 Stefano Brivio <sbrivio@redhat.com> - 6.38-1
- Update to 6.38, source from RHEL7 6.38-2 (RHBZ#1615967)
* Mon Feb 12 2018 Eric Garver <egarver@redhat.com> - 6.35-3
- Patch for missing header file (RHBZ#1543596)
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.35-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Jan 08 2018 Nicolas Chauvet <kwizart@gmail.com> - 6.35-1
- Update to 6.35
* Mon Jul 31 2017 Nicolas Chauvet <kwizart@gmail.com> - 6.32-1
- Update to 6.32
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 6.29-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
