diff --git a/PPPOE_shaper.md b/PPPOE_shaper.md index ec7121a..e4534a4 100644 --- a/PPPOE_shaper.md +++ b/PPPOE_shaper.md @@ -376,3 +376,31 @@ To verify if user is matched to correct service, you can use tc command to show tc -s -d class show dev pppX ``` Where pppX is user ppp interface name of user identified by accel-cmd show sessions|grep username for example. And you can see two classes, one for fna + ggc traffic, and one for all other traffic. + +## I have large list of ips to match, how to do it? + +For example such situation might be with iptv traffic, where you have large list of ips to match, or speedtest servers, etc. +You need to add following changes to your firewall first, note that you need to place each line in proper place, not as is. E.g. ipset create added after lines where we flush and destroy old ipset rules and etc. +``` +ipset create bypass hash:net skbinfo + +for i in $(cat /etc/speedtest.txt | awk '{ print $1; }') ; do ipset -A bypass $i skbmark 0x15 ; done + +iptables -t mangle -A PREROUTING -i bond0 -j SET --map-set bypass src --map-mark +``` + +in config.json you can add filter speedtest: +``` + "speedtest": { + "prio": 5, + "classid": 10, + "criteria": "handle 0x15 fw" + }, +``` + + +First line will create ipset named bypass with hash:net type, which is used to store list of ips and together with skbinfo module to store skbmark value which can be matched by "handle 0x15 fw" in filters. +Second line will read file /etc/speedtest.txt and add each ip to ipset bypass with skbmark 0x15. You can change 0x15 to any other value. This file should contain list of ips, one per line. +Third line will add iptables rule to match all packets with source ip in ipset bypass and set skbmark to 0x15. + +
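Review bot: The `for i in $(cat /etc/speedtest.txt | awk '{ print $1; }')` loop in the added firewall snippet starts one `ipset` process per entry and relies on unquoted expansion, so it scales poorly for the "large list" this section is about, and a stray glob character or blank line in the file reaches the shell or `ipset` unchecked. Suggest having awk emit `add bypass <net> skbmark 0x15` lines and loading them in one call with `ipset restore` and `-exist`, or at least switching to a `while read -r` loop with `"$i"` quoted; `ipset add` would also read more clearly than the legacy `-A` form. In the explanation at the end of the hunk, "set skbmark to 0x15" describes the third line inaccurately: `--map-mark` copies whatever mark is stored with the matching set entry, so the value comes from the `ipset` line and not from the iptables rule, which matters once someone follows the "You can change 0x15" advice. It would also help to say that `bond0` is an example interface name to be replaced, and that the chosen mark must not collide with other fwmark values already used on the box.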