1SHOREWALL-IPSETS(5)             [FIXME: manual]            SHOREWALL-IPSETS(5)
2
3
4

NAME

6       ipsets - Specifying the name if an ipset in Shorewall configuration
7       files
8

SYNOPSIS

10       +ipsetname
11
12       +ipsetname[flag,...]
13
14       +[ipsetname,...]
15

DESCRIPTION

17       Note: In the above syntax descriptions, the square brackets ("[]") are
18       to be taken literally rather than as meta-characters.
19
20       In most places where a network address may be entered, an ipset may be
21       substituted. Set names must be prefixed by the character "+", must
22       start with a letter and may be composed of alphanumeric characters, "-"
23       and "_".
24
25       Whether the set is matched against the packet source or destination is
26       determined by which column the set name appears (SOURCE or DEST). For
27       those set types that specify a tupple, two alternative syntaxes are
28       available:
29           [number] - Indicates that 'src' or
30                 'dst' should repleated number times. Example: myset[2].
31           [flag,...] where
32                 flag is src or
33                 dst. Example: myset[src,dst].
34
35       In a SOURCE column, the following pairs are equivalent:
36
37       ·   +myset[2] and +myset[src,src]
38
39       In a DEST column, the following paris are equivalent:
40
41       ·   +myset[2] and +myset[dst,dst]
42
43       Beginning with Shorewall 4.4.14, multiple source or destination matches
44       may be specified by enclosing the set names within +[...]. The set
45       names need not be prefixed with '+'. When such a list of sets is
46       specified, matching packets must match all of the listed sets.
47
48       For information about set lists and exclusion, see
49       shorewall-exclusion[1] (5).
50

EXAMPLES

52       +myset
53
54       +myset[src]
55
56       +myset[2]
57
58       +[myset1,myset2[dst]]
59

FILES

61       /etc/shorewall/accounting
62
63       /etc/shorewall/blacklist
64
65       /etc/shorewall/hosts -- Note: Multiple matches enclosed in +[...] may
66       not be used in this file.
67
68       /etc/shorewall/maclist -- Note: Multiple matches enclosed in +[...] may
69       not be used in this file.
70
71       /etc/shorewall/masq
72
73       /etc/shorewall/rules
74
75       /etc/shorewall/secmarks
76
77       /etc/shorewall/tcrules
78

SEE ALSO

80       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
81       shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
82       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
83       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
84       shorewall-providers(5), shorewall-proxyarp(5),
85       shorewall-route_rules(5), shorewall-routestopped(5),
86       shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
87       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
88       shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
89

NOTES

91        1. shorewall-exclusion
92           http://www.shorewall.net/manpages/shorewall-exclusion.html
93
94
95
96[FIXME: source]                   09/16/2011               SHOREWALL-IPSETS(5)
Impressum