Home

update-ipsets Operator Manual

Welcome to the operator manual for update-ipsets — a tool that downloads, normalizes, compares, and publishes public IP-based threat and blocking feeds.

What you'll find here

This manual covers everything you need to deploy, configure, monitor, and maintain update-ipsets:

• Getting started — install and run your first instance in minutes
• Configuration — the YAML catalog, runtime settings, feed families, and all options
• Running — daemon flags, systemd, TLS, authentication, listeners
• Pipeline — how feeds flow from download to published output
• Admin UI — runtime status, feed inventory, operator actions
• API reference — all public endpoints, rate limits, and response formats
• Monitoring — OpenTelemetry, Netdata integration, log structure
• CLI tools — iprange, query, enable, and cache-merge migration helper
• Troubleshooting — common issues and how to fix them
• Catalog maintenance — how operators add and validate local catalog feeds

Reading order

New to update-ipsets? Start here:

1. About update-ipsets — what it does and why
2. Quick Start — get running in 5 minutes
3. Installation — production deployment
4. Configuration Concepts — how the catalog works
5. Feed Families — the six feed families
6. Pipeline Overview — how data flows

Then branch to the sections you need.

For catalog operators

If you maintain a local feed catalog:

1. Read Feed Families to pick the right type
2. Use Processor Reference when a source needs normalization
3. Follow Step by Step: Add a Feed
4. Check License Requirements before publishing redistributed data

Need help?

• Check Troubleshooting for common problems
• Browse the Glossary for term definitions
• Read the API Reference for endpoint details