Introduction to ipset types
What is ipset
IPset is a framework inside the Linux kernel, administered by the ipset utility. Depending on its type, an IP set stores IP addresses, networks, (TCP/UDP) port numbers, MAC addresses, interface names, or combinations of them, in a way that ensures lightning speed when matching an entry against a set.
What ipset can do
(What type is a "union"? It is not a set type of its own; the word appears below in the description of list:set, which behaves as an ordered union of other sets.)
Store multiple IP addresses or port numbers and match the whole collection with a single iptables rule;
Dynamically update iptables rules against IP addresses or ports without a performance penalty;
Express complex IP address and port based rulesets with one single iptables rule and benefit from the speed of IP sets.
What ipset types are there
1)bitmap:ip
The bitmap:ip set type uses a memory range, where each bit represents one IP address and can store up to 65535 (B-class network) entries. You can store same size network addresses in this kind of sets as well and an IP address will be in the set if the network address it belongs to can be found in the set.
Meaning: a bitmap-type set stores IPv4 addresses as a bitmap in memory, one bit per address, so it is compact and a membership test is a single bit lookup. The price is that the set must be created with a fixed `range` no wider than a /16 (65536 addresses), and the bitmap types are IPv4 only.
2)bitmap:ip,mac
The bitmap:ip,mac set type uses a memory range, where each 8 bytes represents one IP and a MAC addresses. A bitmap:ip,mac set type can store up to 65535 (B-class network) IP addresses with MAC.
Meaning: a bitmap-type set that stores IPv4 address and MAC address pairs in memory, 8 bytes per entry; like bitmap:ip it is bounded by a fixed `range` of at most a /16.
3)bitmap:port
The bitmap:port set type uses a memory range, where each bit represents one TCP/UDP port. A bitmap:port type of set can store up to 65535 ports.
Meaning: a bitmap-type set storing port numbers in memory, one bit per port, created with a fixed port `range` (at most 0-65535). Note that it holds port numbers only, not protocols: the same entry matches that port for TCP and UDP alike, so the protocol is selected in the iptables rule (`-p tcp`).
4)hash:ip
The hash:ip set type uses a hash to store IP addresses where clashing is resolved by storing the clashing elements in an array and, as a last resort, by dynamically growing the hash. Same size network addresses can be stored in an hash:ip type of set as well.
Meaning: a hash-type set storing IP addresses; clashes are resolved by keeping the clashing elements in an array and, as a last resort, by growing the hash dynamically. Network addresses of one fixed size (the `netmask` option) can also be stored in a hash:ip set. Unlike the bitmap types, hash types have no range limit and support IPv6 (`family inet6`); their size is tuned with `hashsize` and `maxelem`.
5)hash:net
The hash:net set type also uses a hash to store CIDR netblocks, which may be of different sizes. The same technique is used to avoid clashes as at the hash:ip set type.
Meaning: a hash-type set storing CIDR network blocks, which may have different prefix lengths within the same set (unlike hash:ip with `netmask`, where every entry has the same size). The clash-resolution technique is the same one hash:ip uses. When testing a host address the kernel checks the longer prefixes first, so a more specific entry flagged `nomatch` can carve an exception out of a wider block.
6)hash:ip,port
The hash:ip,port is similar to hash:ip but you can store IP address and protocol-port pairs in it. TCP, SCTP, UDP, UDPLITE, ICMP and ICMPv6 are supported with port numbers/ICMP(v6) types and other protocol numbers without port information.
Meaning: a hash-type set like hash:ip, but each element is an IP address paired with a protocol and port, for example `192.0.2.1,tcp:22` (a bare port number is taken as TCP). ICMP and ICMPv6 entries use type/code in place of a port, and other protocols are stored by protocol number alone. Because the protocol is part of the element, the same port over TCP and over UDP are distinct entries.
7)hash:ip,port,ip
You can store IP address, port number, and IP address triples in an hash:ip,port,ip type of set.
Meaning: elements are (IP address, protocol:port, IP address) triples, typically a source address, a destination port and a destination address; the iptables `--match-set` flags (for example `src,dst,dst`) say which packet field feeds each position.
8)hash:ip,port,net
You can store IP address, port number and network address triples in this kind of set.
Meaning: elements are (IP address, protocol:port, network) triples, where the network part may be a CIDR block of any prefix length.
9)hash:net,port
The set type supports to store network address and port number pairs.
Meaning: elements are (network, protocol:port) pairs, for example a CIDR block plus a service port.
10)hash:net,iface
In this kind of set one can store network address and interface name pairs.
Meaning: elements are (network, interface name) pairs such as `10.0.0.0/8,eth0`, which suits anti-spoofing rules that tie a source network to the interface it must arrive on.
11)list:set
In a list:set kind of set you can store other sets; it is like an ordered union of different sets.
Meaning: a list:set holds no addresses itself but the names of other sets, and a lookup consults the member sets in order, so it behaves as an ordered union of them. Member sets must exist before they are added, and a set cannot be destroyed while a list:set still references it.
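The shell script below is an added example, not part of these notes or of the ipset project. It ties together the "what ipset can do" list and the type walkthrough above: one set of each main kind (hash:net, bitmap:ip, bitmap:port, hash:ip,port, list:set) is written in `ipset restore` format, hooked into iptables with `-m set --match-set`, and refreshed atomically with `ipset swap` so the DROP rule never briefly matches an empty set. All set names, chain names, addresses and ports are constructed for illustration; the generator functions only print text, so they run anywhere, while `apply_all` and `refresh_bad_nets` need root and the ipset/iptables tools.

```shell
#!/bin/sh
# Added example (not from the original notes or from ipset itself).
# Set names, addresses and ports are made up for illustration.

# Emit set definitions in `ipset restore` format. Plain text only, so it can be
# reviewed (or unit-tested) before anything touches the kernel.
#   bad_nets     hash:net     CIDR blocks of different sizes
#   lan_hosts    bitmap:ip    fixed range, at most a /16
#   svc_ports    bitmap:port  fixed port range, protocol-agnostic
#   admin_access hash:ip,port IP + protocol:port pairs
#   deny_union   list:set     ordered union of other sets
build_set_commands() {
    cat <<'EOF'
create bad_nets hash:net family inet hashsize 1024 maxelem 65536
add bad_nets 203.0.113.0/24
add bad_nets 198.51.100.128/25
create lan_hosts bitmap:ip range 10.0.0.0/16
add lan_hosts 10.0.1.1
add lan_hosts 10.0.1.10-10.0.1.20
create svc_ports bitmap:port range 1-1023
add svc_ports 22
add svc_ports 443
create admin_access hash:ip,port family inet
add admin_access 10.0.1.1,tcp:22
create deny_union list:set
add deny_union bad_nets
EOF
}

# Emit the iptables rules: one rule per set instead of one rule per address.
# --match-set flags are positional per dimension: for hash:ip,port, "src,dst"
# means the packet's source IP and destination port. Loading these is not
# idempotent (rules and the chain would be duplicated); run once.
build_iptables_rules() {
    cat <<'EOF'
iptables -I INPUT -m set --match-set deny_union src -j DROP
iptables -A INPUT -p tcp -m set --match-set admin_access src,dst -j ACCEPT
iptables -N LAN_SVC
iptables -A INPUT -m set --match-set lan_hosts src -j LAN_SVC
iptables -A LAN_SVC -p tcp -m set --match-set svc_ports dst -j ACCEPT
EOF
}

# Replace the contents of bad_nets with no window in which the DROP rule sees an
# empty set: fill a scratch set of the same type and family, swap the names,
# then destroy the scratch set. Reads one network per line on stdin.
refresh_bad_nets() {
    ipset -exist create bad_nets hash:net family inet
    ipset -exist create bad_nets_tmp hash:net family inet
    ipset flush bad_nets_tmp
    while read -r net; do
        ipset add bad_nets_tmp "$net"
    done
    ipset swap bad_nets_tmp bad_nets
    ipset destroy bad_nets_tmp
}

# Load everything into the kernel (root plus ipset/iptables required).
# `-exist` makes the restore tolerate sets and entries that already exist.
apply_all() {
    command -v ipset >/dev/null 2>&1 || { echo "ipset not found" >&2; return 1; }
    build_set_commands | ipset -exist restore
    build_iptables_rules | sh -e
    # Membership checks: `ipset test` exits 0 when the entry matches.
    ipset test bad_nets 203.0.113.7
    ipset test admin_access 10.0.1.1,tcp:22
    ipset test deny_union 198.51.100.200
}

if [ "${1:-}" = "--apply" ]; then
    apply_all
else
    build_set_commands
    build_iptables_rules
fi
```

Without arguments the script only prints the restore input and the rules; `--apply` loads them. To roll out a new block list later, pipe the networks into `refresh_bad_nets` rather than editing the live set entry by entry.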