Joined: 18 Mar 2014 Posts: 12923 Location: Netherlands
Posted: Mon Nov 23, 2020 13:31 Post subject: IPSET
IPSET Introduction
IPSET is a companion application for the iptables Linux firewall.
IPSET handles lists of addresses (IP, MAC , ports, fwmark and combinations of those) quickly and efficiently.
Availability
IPSET should be available on DDWRT routers with 64 MB/+ flash size starting with build 44367.
Usage
Those list can be useful in blacklisting (blocking) (IP) addresses e.g. from known spammers, regions, websites with multiple addresses and subdomains like Youtube etc.
It can be used for whitelisting e.g. only allow a defined set of known good addresses.
But it can also be used for routing purposes e.g. routing all Netflix (sub)Domains and IP addresses via the WAN if you are using a VPN (or vice versa)
Obtaining Addresses (i.e. filling your list)
You can simply create your own list by adding addresses to your IPSET.
The second method is downloading lists of addresses from the internet, this can even be automated to refresh your list at fixed intervals.
The third method is using DNSMasq to add ip address from the (sub)domains you want.
This can be very useful for large organizations with multiple address behind their URL's like Youtube, Netflix, Amazon etc.
For examples and instructions see the attached document.
NOTE: The following document is only visible when you are logged in!