Bug 706624

Summary: ipset
Product: [Fedora] Fedora Reporter: Account closed by user <c719711>
Component: distributionAssignee: Bill Nottingham <notting>
Status: CLOSED RAWHIDE QA Contact: Bill Nottingham <notting>
Severity: low Docs Contact:
Priority: unspecified    
Version: rawhideCC: dennis, fc6_req, jskala, redhat, rvokal, twoerner
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://ipset.netfilter.org/
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-20 12:41:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Account closed by user 2011-05-21 16:51:44 UTC 
IP sets are a framework inside the Linux kernel netfilter subsystem,
which can be administered by the ipset utility. Depending on the
type, currently an IP set may store IP addresses, (TCP/UDP) port
numbers or IP addresses with MAC addresses in a way, which ensures
lightning speed when matching an entry against a set.

Features:

 * store multiple IP addresses or port numbers and match
   against the collection by iptables at one swoop;
 * dynamically update iptables rules against IP addresses or
   ports without performance penalty;
 * express complex IP address and ports based rulesets with one
   single iptables rule and benefit from the speed of IP sets
Comment 1 Bill Nottingham 2011-05-23 14:54:50 UTC 
CC'ing some people who may have a passing interest.
Comment 2 Chen Lei 2011-05-23 16:02:25 UTC 
*** Bug 196234 has been marked as a duplicate of this bug. ***
Comment 3 Thomas Woerner 2011-07-07 16:59:50 UTC 
The Fedora 16 kernel (linux-3.0) will have support for ipset.

Here are libmnl and ipset test packages for Fedora 16:
http://twoerner.fedorapeople.org/ipset/
http://twoerner.fedorapeople.org/libmnl/