~/Create Large Ipset with 10 Million IPs

Jun 15, 2023


To create a large ipset with at least 10 million IP addresses, you must use the hash:net type, as basic hash:ip or bitmap types have smaller size limits.

First, increase system memory and tune kernel parameters, because an ipset with millions of entries uses significant RAM.

Create the ipset with enough capacity for 10 million entries:

sudo ipset create bigset hash:net maxelem 12000000

Import IPs using a file, for instance ips.txt, one per line:

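# Read the file line by line instead of expanding all of it into shell words.
while IFS= read -r ip; do
    [ -n "$ip" ] || continue    # skip blank lines
    printf 'add bigset %s\n' "$ip"
done < ips.txt | sudo ipset -! restore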

Alternatively, use ipset restore:

Prepare a file bigset_restore.txt:

create bigset hash:net maxelem 12000000
add bigset 192.0.2.1
add bigset 203.0.113.5
... # 10 million lines

Then apply:

sudo ipset restore < bigset_restore.txt
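
Every line of a restore file is run as an ipset command with root privileges, so it is worth validating ips.txt while generating bigset_restore.txt. The script below is an added example, not code from the original post: the function name build_restore, its arguments and its exit codes are assumptions, and it accepts IPv4 only because the set above is created with the default inet family.

```sh
#!/bin/sh
# Added example (not from the original page). build_restore and its argument
# order are hypothetical names chosen for this sketch.
# Usage: build_restore SETNAME MAXELEM INPUT OUTPUT
# Returns 0 = clean, 1 = some lines rejected, 2 = bad arguments, 3 = over maxelem.
build_restore() {
    # The set name and maxelem are interpolated into restore commands that
    # run as root, so restrict both to a safe alphabet.
    case "$1" in ''|*[!A-Za-z0-9_.-]*) echo "bad set name" >&2; return 2 ;; esac
    case "$2" in ''|*[!0-9]*) echo "bad maxelem" >&2; return 2 ;; esac
    awk -v set="$1" -v maxelem="$2" '
        # Accept only dotted-quad IPv4 with an optional /1../32 prefix.
        # hash:net rejects /0, and leading zeros are refused as ambiguous.
        function valid(s,    p, o, n, i) {
            n = split(s, p, "/")
            if (n > 2) return 0
            if (n == 2 && p[2] !~ /^([1-9]|[12][0-9]|3[0-2])$/) return 0
            if (split(p[1], o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] > 255) return 0
            return 1
        }
        BEGIN { print "create " set " hash:net maxelem " maxelem }
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # CRLF and padding
        $0 == "" || /^#/ { next }                          # blanks, comments
        !valid($0) {                                       # e.g. "flush", 10.0.0.256
            bad++; printf "line %d rejected\n", NR > "/dev/stderr"; next
        }
        { print "add " set " " $0; good++ }
        END {
            # Duplicates are not removed here; `ipset -! restore` ignores them.
            if (good > maxelem) { print "more entries than maxelem" > "/dev/stderr"; exit 3 }
            exit (bad > 0 ? 1 : 0)
        }
    ' "$3" > "$4"
}
```

Call it as `build_restore bigset 12000000 ips.txt bigset_restore.txt` and load the result only when it returns 0.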

Performance may degrade with large sets. Continuous use in production is discouraged unless optimized hardware is available.

For more details, refer to the official ipset documentation.

Tags: [networking] [linux] [security]