From DD-WRT Wiki

Jump to: navigation, search


[edit] IPSET- Thanks to user EGC for making the forum help topic

Here is the full set of instructions on how to use IPSET: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1222209#1222209

[edit] Introduction

IPSET is a companion application for the iptables Linux firewall. IPSET handles lists of addresses (IP, MAC , ports, fwmark and combinations of those) quickly and efficiently.

[edit] Availability

IPSET should be available on DDWRT routers with 64 MB+ flash RAM and starting with build 44367.

[edit] Usage

These lists can be useful in blacklisting (blocking) (IP) addresses e.g. from known spammers, regions, websites with multiple addresses and subdomains like Youtube etc. It can, also, be used for whitelisting e.g. only allow a defined set of known good addresses. It can also be used for routing purposes e.g. routing all Netflix (sub)Domains and IP addresses via the WAN if you are using a VPN (or vice versa)

Obtaining Addresses (i.e. filling your list) You can simple create your own list by adding addresses to your IPSET.

The second method is downloading lists of addresses from the internet, this can even be automated to refresh your list at fixed intervals.

The third method is using DNSMasq to add ip address from the (sub)domains you want. This can be very useful for large organizations with multiple address behind their URL's like Youtube, Netflix, Amazon etc.