In order to use IP sets, you need the following sources

• linux kernel source code (version >= 2.6.16 or >= 2.4.36)
• source of ipset: ipset-3.0.tar.bz2 (md5sum)

Please note, the ipset source supports kernels released by kernel.org. It may or may not work on distribution-specific kernel sources.

The installation requires the following steps

• it is assumed that you have got the kernel source tree, configured and at least the modules compiled
• donwload and unpack the source
• run KERNEL_DIR=<your-kernel-dir> make to compile the userspace tool and the kernel modules
• run KERNEL_DIR=<your-kernel-dir> make install to install the ipset userspace tool and the kernel modules
• In order to use to the set match and SET target
  • you need iptables 1.4.4 (or above), or
  • due to the ipset protocol change, you have to recompile iptables before 1.4.4 to get ipset 3.0 supported:
    • Copy the file kernel/include/linux/netfilter_ipv4/ip_set.h from the source tree of ipset-3.9 to include/linux/netfilter_ipv4 in the source of iptables
    • Recompile iptables

Read the ipset and iptables man pages before exploring the world of IP sets.