Explanation of the config files for creating ipsetsΒΆ

Allowed options on ipset section

ipset:

Section for ipset

description:

Free text to add description to each ipset
ipset_type:

hash:net,port or hash:ip,port or hash:net or hash:ip or hash:ip,port,net or hash:ip,port,ip or list:set

The above types are allowed to be defined when describing an ipset.
set_name:

Here we define the name this ipset

Please note that depending for each IP protocol version _v4 or _v6 will be appended when the set is actually created on the kernel side.
netgroup_set_name:
 

Here we define the name of a LanDB set from which host we will create the ipset

Note that if we don’t specify a name the set will take the LanDB name if its smaller than 29 chars
netgroup_set_list:
 

Here we define a list of LandDB sets so we can create ipsets based on many LanDB sets

Note that depending on the ipset type each element of the list should in the appropriate format

  • e.g. ["script_double:test_port.sh","script_double:test_port_2.sh","agkara-train,6178"]
  • e.g. ['CERNVM-CLUSTER-ESX,tcp:5530,CDS LB','DRUPAL,tcp:6677,FRONTIER-MONITORING']
  • e.g. ["script:test.sh,80","script:test_2.sh,443","agkara-train,6178"]
set_hostnames:

Here we define the hostname or list of hostnames or script that returns list of hostnames

This option is used on almost all set types to define the appropriate data depending on the set type.
set_ips_v4:

Here we define ip or ip,port or list of ips or ips,ports or script that returns list of each type for IPv4 ipset
set_ips_v6:

Here we define ip or ip,port or list of ips or ips,ports or script that returns list of each type for IPv6 ipset
set_net_ranges_v4:
 

Here we define network range and/or port or list of network ranges and/or ports or script that returns list of each type for IPv4 ipset
set_net_ranges_v6:
 

Here we define network range and/or port or list of network ranges and/or ports or script that returns list of each type for IPv6 ipset
set_ip_port_ip_v4:
 

Here we define ip,port,ip for IPv4 ipset
set_ip_port_ip_v6:
 

Here we define ip,port,ip for IPv6 ipset
set_ip_port_net_v4:
 

Here we define ip,port,net_range for IPv4 ipset
set_ip_port_net_v6:
 

Here we define ip,port,net_range for IPv6 ipset
script:

When you want to use a script inside the ipset for either hostnames or netgroup_set_list you have to define the script:keyword” and then the script as you would normally type in the command line.
script_double:

When you want to use a script to return pairs of hostname,port inside the ipset for hostnames you have to define the script_double:keyword” and then the script as you would normally type in the command line.
netgroup:

When you want to use a netgroup to return hostnames inside the ipset for hostnames option you have to define the netgroup:keyword” and then the name for of the netgroup.