shorewall6-ipsets man page on Mageia
Man page or keyword search:  
man Server   17783 pages
apropos Keyword Search (all sections)
Output format
Mageia logo
[printable version] 
SHOREWALL-IPSETS(5)		[FIXME: manual]		   SHOREWALL-IPSETS(5)

NAME
       ipsets - Specifying the name if an ipset in Shorewall6 configuration
       files

SYNOPSIS
       +ipsetname

       +ipsetname[flag,...]

       +[ipsetname,...]

DESCRIPTION
       Note: In the above syntax descriptions, the square brackets ("[]") are
       to be taken literally rather than as meta-characters.

       In most places where a network address may be entered, an ipset may be
       substituted. Set names must be prefixed by the character "+", must
       start with a letter and may be composed of alphanumeric characters, "-"
       and "_".

       Whether the set is matched against the packet source or destination is
       determined by which column the set name appears (SOURCE or DEST). For
       those set types that specify a tuple, two alternative syntaxes are
       available:
	   [number] - Indicates that 'src' or
		 'dst' should repeated number times. Example: myset[2].
	   [flag,...] where
		 flag is src or
		 dst. Example: myset[src,dst].

       In a SOURCE column, the following pairs are equivalent:

       ·   +myset[2] and +myset[src,src]

       In a DEST column, the following pairs are equivalent:

       ·   +myset[2] and +myset[dst,dst]

       Beginning with Shorewall 4.4.14, multiple source or destination matches
       may be specified by enclosing the set names within +[...]. The set
       names need not be prefixed with '+'. When such a list of sets is
       specified, matching packets must match all of the listed sets.

       For information about set lists and exclusion, see
       shorewall-exclusion[1] (5).

       Beginning with Shorewall 4.5.16, you can increment one or more nfacct
       objects each time a packet matches an ipset. You do that by listing the
       objects separated by commas within parentheses.

       Example:
	   +myset[src](myobject)

       In that example, when the source address of a packet matches the myset
       ipset, the myobject nfacct counter will be incremented.

EXAMPLES
       +myset

       +myset[src]

       +myset[2]

       +[myset1,myset2[dst]]

FILES
       /etc/shorewall6/accounting

       /etc/shorewall6/blacklist

       /etc/shorewall6/hosts -- Note: Multiple matches enclosed in +[...] may
       not be used in this file.

       /etc/shorewall6/maclist -- Note: Multiple matches enclosed in +[...]
       may not be used in this file.

       /etc/shorewall6/rules

       /etc/shorewall6/secmarks

       /etc/shorewall6/tcrules

SEE ALSO
       shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5),
       shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
       shorewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
       shorewall6-providers(5), shorewall6-rtrules(5),
       shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
       shorewall6-secmarks(5), shorewall6-tcclasses(5),
       shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5),
       shorewall6-tunnels(5), shorewall6-zones(5)

NOTES
	1. shorewall-exclusion
	   http://www.shorewall.net/manpages6/shorewall-exclusion.html

[FIXME: source]			  12/19/2013		   SHOREWALL-IPSETS(5)
[top]

List of man pages available for Mageia

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net