Skip to content
This repository has been archived by the owner on Dec 14, 2020. It is now read-only.

Using ipset

Toast edited this page Apr 3, 2017 · 199 revisions

Since 3.0.0.4_270.26 ipset feature has been implemented. This is a Netfilter extension which should be able to:

  • store multiple IP addresses and/or port numbers and match against a filter list using iptables
  • dynamically update iptables rules against IP addresses or ports without a significant performance penalty
  • express complex IP address and port based rulesets with one single iptables rule and benefit from the speed of IP sets.

NOTE: For more documentation about the various commands using the ipset utility, please visit this link

Ipset Version and Router Models

Newer router has ipset version 6 while older routers has ipset version 4 , ipset cant just be updated as a normal application it relies heavily on the kernel so please consult the chart below to see your ipset version.

Routers Ipset 4 Ipset 6
RT-N66U x
RT-AC56U x
RT-AC66U x
RT-AC66U_B1
RT-AC68U x
RT-AC68P x
RT-AC68UF x
RT-AC87U x
RT-AC88U x
RT-AC1750
RT-AC1900
RT-AC1900P
RT-AC3100 x
RT-AC3200 x
RT-AC5300 x

Ipset Scripts

Note: The script with maintainers are linked in the chart to their respective installation instructions there on the wiki, within those instructions you will find information on how to install and where to get support. The Peerguardian scripts are considered legacy. Only use those if your router supports ipset version 4 and your capable to manage on your own, if you don't then consider using the iblocklist-loader instead it supports both ipset versions and have an active maintainer.

There is a full list of script that are maintained by users, most of the scripts are have various functions for blocking connections please read the description carefully before installing any of these scripts, not all scripts have maintainers and getting support on those scripts can be tricky.

ATTENTION: Scripters, feel free to append to this list and then link installation instructions on the installation instructions page, please dont add full scripts to that page cause it gets messy "keep it light", also remember not to write to JFFS partition due to wear and tear.

Scriptname Ipset Version Maintained by Supports other platforms Description
Tor and Countries Block 4,6 redhat27 no Blocks Tor nodes or countries
iblocklist-loader 4,6 redhat27 yes Block or allow using any list from iblocklist
Malware Filter 4,6 swetoast yes Blocks Malware Spreading ip addresses daily
Privacy Filter 4,6 swetoast yes Blocks Telemetry, Trackers and Shodian.io
Peerguardian v1 4 no Peerguardian
Peerguardian v2 4 no Peerguardian
Peerguardian v3 4 no Peerguardian
Disable Windows 10 Tracking 4 no Blocks Telemetry
Clone this wiki locally