Also known as: FWset

IPsets are an extension to linux IPtables firewalling functionaliy. It is a part of the larger netfilter framework. IPsets allow administrators to write firewall rules that match sets of IP ranges or ports efficiently.

One example use case is to create a blacklist in your firewall for IP addresses that are known to be malicious actors. An administrator will maintain an IPset containing the blacklisted IP addresses and create a firewall rule that will drop all traffic from the set. These sets are stored as binary indexes allowing for efficient lookup.

IPsets also simplify certain network configurations such as network segmentation.