[group group1]

IN  ACCEPT - - tcp 22 -
OUT ACCEPT - - tcp 80 -
OUT ACCEPT - - icmp - -

[group group3]

IN  ACCEPT 10.0.0.1 
IN  ACCEPT 10.0.0.2
IN  ACCEPT 10.0.0.2 


#ipset hash:ip
[ipgroup ipgroup1]

192.168.0.1
192.168.0.2
192.168.0.3


[ipgroup ipgroup2]

192.168.0.3
192.168.0.4

#ipset hash:net
[netgroup netgroup1]

192.168.0.0/24
10.0.0.0/8