IPSETD-NG DBI driver manual

IPSETD-NG DBI driver is part of the package IPSET-NG and operates only in the server part IPSETD-NG. DBI driver based on libraries libdbi.
This is the secondary driver of the IPSET-NG system, use this driver we recommend on platforms where there is no installed package libipset and you can not install it.
We recommend to use the ipset driver in connection with its fuller functionality and direct appeals to the resources of the system, which reduces the overall load in more traffic.

DBI is standart for DataBase Interface. libdbi are main database independent abstraction layers and interfaces.
Explanation and device package libdbi described in detail on the author's website given here will give an idea of the conditions and the names of packages available for our distribution.
If your computer does not have a package of libdbi, and you want to install it from source, remember, you must download and make two sets of libdbi main interface and libdbi driver.

  • Internet protocol version 4 and 6 for iptables operation compatible

libDBI Support drivers:

  • MySQL
  • PostgreSQL
  • SQLite3
  • DB2
  • Ingres
  • mSQL
  • Oracle
  • Firebird/Interbase
  • FreeTDS (provides access to MS SQL Server and Sybase)

libDBI visual interaction scheme:



libdbi implements a database-independent abstraction layer in C, similar to the DBI/DBD layer in Perl. Writing one generic set of code, programmers can leverage the power of multiple DBs and multiple simultaneous DB connections by using this framework.

Support and features:

Tables command:

  • create <table name>: create table name in specific DBI database and create same name iptables chain, a rule is created in the iptable specifies the INPUT to check IP address of the created chain. Iptables target table in IPv4 or IPv6 determined by the HASH table type automatically.
  • destroy <table name>: delete table name in specific DBI database and delete same name iptables chain, a same name rule in ip table specifies the INPUT also remove.
  • flush <table name>: erase body data in DBI table table name and flush same name iptables chain.

Items command:

  • add <ip address>: add ip address to specific table in DBI database and insert or append ip address to same name chain. Iptables target table is IPv4 or IPv6 is determined by the type of IP addresses automatically.
  • del <ip address>: delete ip address to specific table in DBI database and delete ip address to the same name chain.
  • test <ip address>: check availability ip address in specific table from DBI database.

Example configuration file

Example configuration file to set SQLite driver: ipsetd-ng.conf, ipsetcmd-ng.conf:

        # path to dynamic driver directory
        # create automaticaly from make, default: '/usr/lib/ipsetng'
        path = /usr/lib/ipsetng

        # name of use driver, explore: /usr/lib/ipsetng/drv-<name>-ng.so
        name = dbi

        # WARNING: this iptables setting can be used in all drivers except the driver ipset
        # enable iptables add or delete direct to kernel
        iptenable = yes

        # chain of iptables
        iptchain = INPUT

        # table of iptables
        ipttable = filter

        # target of iptables
        iptrule =  DROP

        # method for adding to table: insert | append
        iptmethod = append

        # DBI diver

        # type dbi driver: any compiled of you system
        # DBI Support drivers:
        # MySQL, PostgreSQL, SQLite3, DB2, Ingres, mSQL,
        # Oracle, Firebird/Interbase,
        # FreeTDS (provides access to MS SQL Server and Sybase)
        dbitype = mysql

        # port
        port = 33306

        # host
        host = localhost

        # login
        login = root

        # password
        pass = 12345

        # data base name, if not specific, create 'test'
        dbase = myipdb

        # socket
        socket = ./dbi.socket

        # path & file to exec on add or delete ip address
        exec = /path/to/file.sh

  Meta Tags: IPSETD-NG DBI driver