How do i test an ipset entries?

amurleopard

After setting up ipset, you can test your sets using test subcommand of ipset

In my set I have the following member ips.

$ sudo ipset list block-ips
Name: block-ips
Type: hash:net
Revision: 3
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16880
References: 0
Members:
192.168.0.0/16
10.0.0.0/8
172.16.0.0/12

Test if an ip is included in your ipset.

$ sudo ipset test block-ips 10.20.0.20
10.20.0.20 is in set block-ips.
$ sudo ipset test block-ips 10.50.20.33
10.50.20.33 is in set block-ips.
$ sudo ipset test block-ips 192.169.0.1
192.169.0.1 is NOT in set block-ips.

When you have a large number of ips then the test subcommand is a really useful check.