Forge Home


Linux IP sets management


31,427 latest version

4.8 quality score

Version information

  • 0.6.4 (latest)
  • 0.6.3
  • 0.6.2
  • 0.6.1
released Mar 28th 2019
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 6.0.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'sl0m0-ipset', '0.6.4'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add sl0m0-ipset
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install sl0m0-ipset --version 0.6.4

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



sl0m0/ipset — version 0.6.4 Mar 28th 2019


Table of Contents

  1. Overview
  2. Usage
  3. Reference
  4. Limitations
  5. Changelog
  6. Development
  7. Thanks


This module manages Linux IP sets.

  • Checks for current ipset state, before doing any changes to it.
  • Applies ipset every time it drifts from target state, not only on config file change.
  • Handles type changes.
  • Autostart support for RHEL 6 and RHEL 7 family (upstart, systemd).



IP sets can be filled from an array data structure. Typically passed from Hiera.

ipset { 'foo':
  ensure => present,
  set    => ['', ''],
  type   => 'hash:ip',


You can also pass a pre-formatted string directly, using one entry per line (with \n as a separator). This pattern is practical when generating the IP set entries using a template.

ipset { 'foo':
  ensure => present,
  set    => "\n5.6.7.8",
  type   => 'hash:ip',

Module file

IP sets content can also be stored in a module file:

ipset { 'foo':
  ensure => present,
  set    => "puppet:///modules/${module_name}/foo.ipset",

Local file

Or using a plain text file stored on the filesystem:

file { '/tmp/bar_set_content':
  ensure  => present,
  content => "\n5.6.7.8/32"
-> ipset { 'bar':
  ensure => present,
  set    => 'file:///tmp/bar_set_content',
  type   => 'hash:net',



  • Tested on Debian and RedHat-like Linux distributions
  • IPv6 sets have not been tested yet
  • Only hash ipsets are supported (this excludes bitmap and list:set)




See development


This module is a fork of pmuller/ipset, which was forked from mighq/ipset, which was based on thias/ipset.