ipset - administration tool for kernel IP sets

Property Value
Distribution Debian 8 (Jessie)
Repository Debian Main amd64
Package name ipset
Package version 6.23
Package release 2
Package architecture amd64
Package type deb
Installed size 173 B
Download size 44.80 KB
Official Mirror ftp.br.debian.org
IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel which can be
administered by the ipset(8) utility. Depending on the type, currently an
IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with
MAC addresses in a  way which ensures lightning speed when matching an
entry against a set.
If you want to
* store multiple IP addresses or port numbers and match against the
entire collection using a single iptables rule.
* dynamically update iptables rules against IP addresses or ports without
performance penalty.
* express complex IP address and ports based rulesets with a single
iptables rule and benefit from the speed of IP sets.
then IP sets may be the proper tool for you.


Package Version Architecture Repository
ipset_6.23-2_i386.deb 6.23 i386 Debian Main
ipset - - -


Name Value
iptables -
libc6 >= 2.4
libipset3 >= 6.14-1~


Name Value
ipset-6.23 -


Type URL
Binary Package ipset_6.23-2_amd64.deb
Source Package ipset

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install ipset deb package:
    # sudo apt-get install ipset




2014-09-26 - Neutron Soutmun <neo.neutron@gmail.com>
ipset (6.23-2) unstable; urgency=medium
* Make libipset3 package go to the "libs" section
* debian/control:
- libipset3 should be the "libs" section instead of "net".
Thanks to Christoph Anton Mitterer. (Closes: #762847)
2014-09-17 - Neutron Soutmun <neo.neutron@gmail.com>
ipset (6.23-1) unstable; urgency=medium
* Imported Upstream version 6.23
* Drop patches, merged upstream
* d/p/01-fix-grammar-error-in-manpage.patch,
- Drop, merged upstream.
* d/p/04-temporary-drop-ipmarkhash-test.patch:
- Kernel shipped with Debian already support the ipmarkhash module.
* Update Debian symbols file
* Explicitly add tests list to debian regression test
* debian/tests/regression:
- There are some ipset modules that Debian does not support in the
current Linux kernel and the patch apply to the source test script
is an inconvenient way. Therefore, add tests list to the debian
regression test file is easy and maintainable.
* Add patch
* debian/patches/fix-hyphen-used-as-minus-sign-in-manpage.patch:
- Fix hyphen used as minus sign in manpage.
* debian/copyright: Update copyright years
2014-04-04 - Neutron Soutmun <neo.neutron@gmail.com>
ipset (6.21.1-2) unstable; urgency=low
* Add tests follow the DEP8
* debian/control:
- Add XS-Testsuite: autopkgtest
* debian/tests/control:
- Add test control file
* debian/tests/regression:
- Add regression test wrapper for tests/runtest.sh
* Add a patch to make the test scripts run in "as-installed" situation
* d/patches/03-Pass-IPSET_BIN-to-test-scripts-to-change-binary-loca.patch:
- It is required to make the test scripts run in "as-installed"
situation, the scripts should invokes the system installed "ipset"
* Add a patch to drop unsupported module test
* debian/patches/03-temporary-drop-ipmarkhash-test.patch:
- Temporary drop the ipmarkhash test as the Debian kernel is not
support yet.
* Add a patch to delay the set with timeout resizing test
* debian/patches/05-delay-the-set-with-timeout-resizing-test.patch:
- The set with timeout resizing sometimes finish early, the condition
fail with false-positive. Add 1 more second delay to satisfy the
condition check.
2014-03-08 - Neutron Soutmun <neo.neutron@gmail.com>
ipset (6.21.1-1) unstable; urgency=low
* Imported Upstream version 6.21.1
* Drop a patch that has been merged upstream
* debian/patches/01-Set-extglob-shell-option-in-global-scoped.patch:
- Drop, merged upstream.
* Bump Standards-Version to 3.9.5, no changes needed
* Add lintian-overrides
* debian/lintian-overrides:
- Overrides "ipset: shell-script-fails-syntax-check
etc/bash_completion.d/ipset", false-positives as the script using
* Update symbols file
* debian/patches/01-fix-grammar-error-in-manpage.patch:
- Replace Allows_to with Allows_one_to.
* debian/patches/02-fix-printf-format-warning.patch:
- Fix printf format warning.
* Switch debian package compression to xz
2013-10-28 - Neutron Soutmun <neo.neutron@gmail.com>
ipset (6.20.1-1) unstable; urgency=low
* Imported Upstream version 6.20.1
* Drop d/p/02-Fix-hyphen-used-as-minus-sign-in-manpage.patch, fixed upstream
* debian/libipset3.symbols: Update symbols file
* Update Vcs-Git field to canonical URI

See Also

Package Description
ipsvd_1.0.0-3_amd64.deb Internet protocol service daemons
iptables-converter-doc_0.9.5-1_all.deb sphinx documentation for iptables-converter
iptables-converter_0.9.5-1_all.deb convert iptables-commands from a file to iptables-save format
iptables-dev_1.4.21-2+b1_amd64.deb iptables development files
iptables-persistent_1.0.3+deb8u1_all.deb boot-time loader for netfilter rules, iptables plugin
iptables_1.4.21-2+b1_amd64.deb administration tools for packet filtering and NAT
iptotal_0.3.3-13_amd64.deb monitor for IP traffic, not requiring SNMP
iptraf-ng_1.1.4-1_amd64.deb Next Generation Interactive Colorful IP LAN Monitor
iptraf_3.0.0-8.1_amd64.deb Interactive Colorful IP LAN Monitor
iptstate_2.2.5-1_amd64.deb top-like interface to your netfilter connection-tracking table
iptux_0.6.1-1_amd64.deb intranet communication tool for Linux
iputils-arping_20121221-5+b2_amd64.deb Tool to send ICMP echo requests to an ARP address
iputils-clockdiff_20121221-5+b2_amd64.deb Measure the time difference between networked computers
iputils-ping_20121221-5+b2_amd64.deb Tools to test the reachability of network hosts
iputils-tracepath_20121221-5+b2_amd64.deb Tools to trace the network path to a remote host