IPSet

"IPSet is used to set up, maintain and inspect so-called IP sets in the Linux kernel. Depending on the type of the set, an IP set may store IP(v4/v6) addresses, (TCP/UDP) port numbers, IP and MAC address pairs, IP address and port number pairs, etc." - Wikipedia

IPSet is a companion tool for iptables and the successor of IPpool. It administers IP sets, which can be referenced from iptables rules to filter out networks.

Prerequisites
You will need to configure your kernel to support ipset.

Kernel
For example, if ipset support is compiled as a module:

then select the desired ipset types.

Emerge
Install IPSet:

Filtering
The following simple script can be used to filter IP addresses based on a file that has to be retrieved from the internet, and then create or update iptables firewall rules:

The above script is just a simple way to retrieve various IPSet tables and keep the filtering up to date.

The script creates a new table, swaps it in, and destroys the previous set if one exists. For a more refined script, see the following examples:


 * ips.bash - bash version
 * ips.zsh - zsh version
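
The create, swap and destroy sequence described above can be generated as a single `ipset restore` batch, so the live set is never empty during an update. This is an added example, not the wiki's original script; the set name `blocklist`, the `hash:net` type and the sample list are assumptions.

```sh
#!/bin/sh
# Added example: emit an `ipset restore` batch that refreshes a set atomically.
# The set name and the sample list are constructed for illustration.

# is_ipv4_net ADDR: succeed only for a dotted-quad IPv4 address or CIDR block.
is_ipv4_net() {
    case $1 in ''|*[!0-9./]*|.*|*..*|*./*|*.) return 1 ;; esac
    addr=${1%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split on dots (digits and dots only here)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_restore SET < list: print the batch; invalid lines are dropped and counted.
gen_restore() {
    live=$1; tmp="${1}_tmp"; skipped=0
    printf 'create %s hash:net family inet\n' "$live" "$tmp"
    printf 'flush %s\n' "$tmp"
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')   # drop comments, blanks
        [ -n "$line" ] || continue
        if is_ipv4_net "$line"; then
            printf 'add %s %s\n' "$tmp" "$line"
        else
            skipped=$((skipped + 1))
        fi
    done
    printf 'swap %s %s\ndestroy %s\n' "$tmp" "$live" "$tmp"
    echo "skipped $skipped invalid entries" >&2
}

# Constructed sample list (documentation address ranges plus bad lines).
sample_list() {
    printf '%s\n' '# blocklist' '192.0.2.0/24' '198.51.100.7  # single host' \
        '999.1.1.1' '10.0.0.0/33' 'example.org' '203.0.113.0/24'
}

# Apply on a real system (root required); -exist tolerates existing sets/entries:
#   sample_list | gen_restore blocklist | ipset -exist restore
```

Validating each entry before it reaches `ipset restore` matters because the list comes from the internet: one malformed line would otherwise abort the batch and leave the old rules in place without notice.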

Save the rules to a file and start the IPSet init service:

The previous network filtering can be added to iptables with the following command:

External resources

 * Forum thread