README

   1 This is the ipset source tree. Follow the next steps to install ipset.
   2 If you upgrade from an earlier 5.x release, please read the UPGRADE
   3 instructions too.
   4
   5 0. You need the source tree of your kernel (version >= 2.6.32)
   6    and it have to be configured with ip6tables support enabled,
   7    modules compiled. For kernel versions < 2.6.39 please apply
   8    the netlink.patch against your kernel tree, which adds the
   9    new subsystem identifier for ipset.
  10
  11    Recompile and install the patched kernel and its modules. Please note,
  12    you have to run the patched kernel for ipset to work.
  13
  14    The ipset source code depends on the libmnl library so the library
  15    must be installed. You can download the libmnl library from
  16
  17         git://git.netfilter.org/libmnl.git
  18
  19 1. Initialize the compiling environment for ipset. The packages automake,
  20    autoconf, pkg-config and libtool are required.
  21
  22    % ./autogen.sh
  23
  24 2. Run `./configure` and then compile the ipset binary and the kernel
  25    modules.
  26
  27    Configure parameters can be used to to override the default path
  28    to the kernel source tree (/lib/modules/`uname -r`/build),
  29    the maximum number of sets (256), the default hash sizes (1024).
  30    See `./configure --help`.
  31
  32    % ./configure
  33    % make
  34    % make modules
  35
  36 3. Install the binary and the kernel modules
  37
  38    # make install
  39    # make modules_install
  40
  41    After installing the modules, you can run the testsuite as well.
  42    Please note, several assumptions must be met for the testsuite:
  43
  44         - no sets defined
  45         - iptables/ip6tables rules are not set up
  46         - the destination for kernel logs is /var/log/kern.log
  47         - the networks 10.255.255.0/24 and 1002:1002:1002:1002::/64
  48           are not in use
  49         - sendip utility is installed
  50
  51    # make tests
  52
  53 4. Cleanup the source tree
  54
  55    % make clean
  56    % make modules_clean
  57
  58 That's it!
  59
  60 Read the ipset(8) and iptables(8), ip6tables(8) manpages on how to use
  61 ipset and its match and target from iptables.
  62
  63 Compatibilities and incompatibilities:
  64
  65 - The ipset 6.x userspace utility contains a backward compatibility
  66   interface to support the commandline syntax of ipset 4.x.
  67   The commandline syntax of ipset 6.x is fully compatible with 5.x.
  68 - The ipset 6.x userspace utility can't talk to the kernel part of ipset 5.x
  69   or 4.x.
  70 - The ipset 6.x kernel part can't talk to the userspace utility from
  71   ipset 5.x or 4.x.
  72 - The ipset 6.x kernel part can work together with the set match and SET
  73   target from iptables 1.4.7 and below, however if you need the IPv6 support
  74   from ipset 6.x, then you have to use iptables 1.4.9 or above.
  75
  76 The ipset 6.x can interpret the commandline syntax of ipset 4.x, however
  77 some internal changes mean different behaviour:
  78
  79 - The "--matchunset" flag for the macipmap type is ignored and not used
  80   anymore.
  81 - The "--probes" and "--resize" parameters of the hash types are ignored
  82   and not used anymore.
  83 - The "--from", "--to" and "--network" parameters of the ipporthash,
  84   ipportiphash and ipportnethash types are ignored and not used anymore.
  85 - The hash types are not resized when new entries are added by the SET
  86   target. If you use a set together with the SET target, create it with
  87   the proper size because it won't be resized automatically.
  88 - The iptree, iptreemap types are not implemented in ipset 6.x. The types
  89   are automatically substituted with the hash:ip type.