Download and Install

In order to use IP sets, you need the following sources

Please note, patch-o-matic-ng supports kernels released by kernel.org. It may or may not work on distribution-specific kernel sources.

The installation requires the following steps

  • donwload and unpack the sources;
  • run make menuconfig or equivalent in the kernel source directory to preconfigure the kernel
  • run KERNEL_DIR=/where/the/kernel/source ./runme set from the patch-o-matic-ng directory and patch your kernel with the IP set functionality;
  • go back to the kernel source directory, run make oldconfig. Enable the new IP set related options, then compile and install the kernel as usual.
  • run KERNEL_DIR=... make, then KERNEL_DIR=... make install in the iptables source code directory. Similarly to patch-o-matic-ng, you must specify the proper kernel source directory name via the KERNEL_DIR variable.
  • repeat the previous step in the ipset source directory
and ready!

Read the ipset and iptables man pages before exploring the world of IP sets.