1SHOREWALL-IPSETS(5)             [FIXME: manual]            SHOREWALL-IPSETS(5)
2
3
4

NAME

6       ipsets - Specifying the name if an ipset in Shorewall6 configuration
7       files
8

SYNOPSIS

10       +ipsetname
11
12       +ipsetname[flag,...]
13
14       +[ipsetname,...]
15

DESCRIPTION

17       Note: In the above syntax descriptions, the square brackets ("[]") are
18       to be taken literally rather than as meta-characters.
19
20       In most places where a network address may be entered, an ipset may be
21       substituted. Set names must be prefixed by the character "+", must
22       start with a letter and may be composed of alphanumeric characters, "-"
23       and "_".
24
25       Whether the set is matched against the packet source or destination is
26       determined by which column the set name appears (SOURCE or DEST). For
27       those set types that specify a tupple, two alternative syntaxes are
28       available:
29           [number] - Indicates that 'src' or
30                 'dst' should repleated number times. Example: myset[2].
31           [flag,...] where
32                 flag is src or
33                 dst. Example: myset[src,dst].
34
35       In a SOURCE column, the following pairs are equivalent:
36
37       ·   +myset[2] and +myset[src,src]
38
39       In a DEST column, the following paris are equivalent:
40
41       ·   +myset[2] and +myset[dst,dst]
42
43       Beginning with Shorewall 4.4.14, multiple source or destination matches
44       may be specified by enclosing the set names within +[...]. The set
45       names need not be prefixed with '+'. When such a list of sets is
46       specified, matching packets must match all of the listed sets.
47
48       For information about set lists and exclusion, see
49       shorewall-exclusion[1] (5).
50

EXAMPLES

52       +myset
53
54       +myset[src]
55
56       +myset[2]
57
58       +[myset1,myset2[dst]]
59

FILES

61       /etc/shorewall6/accounting
62
63       /etc/shorewall6/blacklist
64
65       /etc/shorewall6/hosts -- Note: Multiple matches enclosed in +[...] may
66       not be used in this file.
67
68       /etc/shorewall6/maclist -- Note: Multiple matches enclosed in +[...]
69       may not be used in this file.
70
71       /etc/shorewall6/rules
72
73       /etc/shorewall6/secmarks
74
75       /etc/shorewall6/tcrules
76

SEE ALSO

78       shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5),
79       shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
80       shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5),
81       shorewall6-route_rules(5), shorewall6-routestopped(5),
82       shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
83       shorewall6-tcclasses(5), shorewall6-tcdevices(5),
84       shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5),
85       shorewall6-zones(5)
86

NOTES

88        1. shorewall-exclusion
89           http://www.shorewall.net/manpages6/shorewall-exclusion.html
90
91
92
93[FIXME: source]                   09/16/2011               SHOREWALL-IPSETS(5)
Impressum