This module adds and/or deletes entries from IP sets which can be defined
by ipset(8).
.TP
\fB\-\-add\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
add the address(es)/port(s) of the packet to the set
.TP
\fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
delete the address(es)/port(s) of the packet from the set
.TP
\fB\-\-map\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
[\-\-map\-mark] [\-\-map\-prio] [\-\-map\-queue]
map packet properties (firewall mark, tc priority, hardware queue)
.IP
where \fIflag\fP(s) are
.BR "src"
and/or
.BR "dst"
specifications and there can be no more than six of them.
.TP
\fB\-\-timeout\fP \fIvalue\fP
when adding an entry, the timeout value to use instead of the default
one from the set definition
.TP
\fB\-\-exist\fP
when adding an entry if it already exists, reset the timeout value
to the specified one or to the default from the set definition
.TP
\fB\-\-map\-set\fP \fIset\-name\fP
the set-name should be created with \-\-skbinfo option
.TP
\fB\-\-map\-mark\fP
map firewall mark to packet by lookup of value in the set
.TP
\fB\-\-map\-prio\fP
map traffic control priority to packet by lookup of value in the set
.TP
\fB\-\-map\-queue\fP
map hardware NIC queue to packet by lookup of value in the set
.IP
The
\fB\-\-map\-set\fP
option can be used from the mangle table only. The
\fB\-\-map\-prio\fP
and
\fB\-\-map\-queue\fP
flags can be used in the OUTPUT, FORWARD and POSTROUTING chains.
.PP
Use of \-j SET requires that ipset kernel support is provided, which, for
standard kernels, is the case since Linux 2.6.39.
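Added example, not part of the original man page: a shell sketch of the options above used together, first as a self-expiring blocklist (\-\-add\-set with \-\-timeout and \-\-exist) and then as an skbinfo mapping (\-\-map\-set). The set names "probers" and "qos", port 23, the timeout values and the address 192.0.2.10 are constructed for illustration; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example. DRY_RUN=1 (default) prints each command;
# DRY_RUN=0 executes them and needs root plus ipset kernel support.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Self-expiring blocklist: a source that touches a port no legitimate
# client uses (23 here, a constructed choice) is recorded and dropped.
setup_blocklist() {
    # The set must support timeouts; 600 s is the set's default.
    run ipset create probers hash:ip timeout 600
    # SET does not end rule traversal, so this rule sits before the DROP:
    # --timeout overrides the set default for the new entry, and --exist
    # resets the timer each time an already listed source probes again.
    run iptables -A INPUT -p tcp --dport 23 -j SET --add-set probers src --timeout 3600 --exist
    # Everything from a listed source is dropped until its entry expires.
    run iptables -A INPUT -m set --match-set probers src -j DROP
}

# skbinfo mapping: the set stores mark/priority/queue per entry and
# --map-set copies them onto packets whose destination matches.
setup_skb_map() {
    # --map-set needs a set created with the skbinfo option.
    run ipset create qos hash:ip skbinfo
    run ipset add qos 192.0.2.10 skbmark 0x10 skbprio 1:10 skbqueue 2
    # mangle table only; POSTROUTING permits --map-prio and --map-queue.
    run iptables -t mangle -A POSTROUTING -j SET --map-set qos dst --map-mark --map-prio --map-queue
}

setup_blocklist
setup_skb_map
```

Entries whose timers are not refreshed fall out of "probers" on their own, so the blocklist needs no cleanup job; `ipset list probers` shows the remaining time per entry.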