'\" t
.\"     Title: shorewall-ipsets
.\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2
.\"      Date: 06/28/2012
.\"    Manual: [FIXME: manual]
.\"    Source: [FIXME: source]
.\"  Language: English
.\"
.TH "SHOREWALL\-IPSETS" "5" "06/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ipsets \- Specifying the name of an ipset in Shorewall configuration files
.SH "SYNOPSIS"
.HP \w'\fB+\fR\fB\fIipsetname\fR\fR\ 'u
\fB+\fR\fB\fIipsetname\fR\fR
.HP \w'\fB+\fR\fB\fIipsetname\fR\fR\fB[\fR\fB\fIflag\fR\fR\fB,\&.\&.\&.]\fR\ 'u
\fB+\fR\fB\fIipsetname\fR\fR\fB[\fR\fB\fIflag\fR\fR\fB,\&.\&.\&.]\fR
.HP \w'\fB+[ipsetname,\&.\&.\&.]\fR\ 'u
\fB+[ipsetname,\&.\&.\&.]\fR
.SH "DESCRIPTION"
.PP
Note: In the above syntax descriptions, the square brackets ("[]") are to be taken literally rather than as meta\-characters\&.
.PP
In most places where a network address may be entered, an ipset may be substituted\&. Set names must be prefixed by the character "+", must start with a letter and may be composed of alphanumeric characters, "\-" and "_"\&.
.PP
Whether the set is matched against the packet source or destination is determined by which column the set name appears in (SOURCE or DEST)\&. For those set types that specify a tuple, two alternative syntaxes are available:
.RS 4
[\fInumber\fR] \- Indicates that \*(Aqsrc\*(Aq or \*(Aqdst\*(Aq should be repeated number times\&. Example: myset[2]\&.
.RE
.RS 4
[\fIflag\fR,\&.\&.\&.] where \fIflag\fR is \fBsrc\fR or \fBdst\fR\&. Example: myset[src,dst]\&.
.RE
.PP
In a SOURCE column, the following pairs are equivalent:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
+myset[2] and +myset[src,src]
.RE
.PP
In a DEST column, the following pairs are equivalent:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
+myset[2] and +myset[dst,dst]
.RE
.PP
Beginning with Shorewall 4\&.4\&.14, multiple source or destination matches may be specified by enclosing the set names within +[\&.\&.\&.]\&. The set names need not be prefixed with \*(Aq+\*(Aq\&. When such a list of sets is specified, matching packets must match all of the listed sets\&.
.PP
For information about set lists and exclusion, see
\m[blue]\fBshorewall\-exclusion\fR\m[]\&\s-2\u[1]\d\s+2
(5)\&.
.SH "EXAMPLES"
.PP
+myset
.PP
+myset[src]
.PP
+myset[2]
.PP
+[myset1,myset2[dst]]
.SH "FILES"
.PP
/etc/shorewall/accounting
.PP
/etc/shorewall/blacklist
.PP
/etc/shorewall/hosts \-\- \fBNote:\fR Multiple matches enclosed in +[\&.\&.\&.] may not be used in this file\&.
.PP
/etc/shorewall/maclist \-\- \fBNote:\fR Multiple matches enclosed in +[\&.\&.\&.] may not be used in this file\&.
.PP
/etc/shorewall/masq
.PP
/etc/shorewall/rules
.PP
/etc/shorewall/secmarks
.PP
/etc/shorewall/tcrules
.SH "SEE ALSO"
.PP
shorewall(8), shorewall\-accounting(5), shorewall\-actions(5), shorewall\-blacklist(5), shorewall\-hosts(5), shorewall\-interfaces(5), shorewall\-maclist(5), shorewall\-masq(5), shorewall\-nat(5), shorewall\-netmap(5), shorewall\-params(5), shorewall\-policy(5), shorewall\-providers(5), shorewall\-proxyarp(5), shorewall\-rtrules(5), shorewall\-routestopped(5), shorewall\-rules(5), shorewall\&.conf(5), shorewall\-secmarks(5), shorewall\-tcclasses(5), shorewall\-tcdevices(5), shorewall\-tcrules(5), shorewall\-tos(5), shorewall\-tunnels(5), shorewall\-zones(5)
.SH "NOTES"
.IP " 1." 4
shorewall-exclusion
.RS 4
\%http://www.shorewall.net/manpages/shorewall-exclusion.html
.RE
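The reference syntax described under DESCRIPTION, as an added Python example (not Shorewall's own code; the function names are hypothetical). It validates a set reference as it would appear in a SOURCE or DEST column and expands it to one src/dst flag list per set, which is useful for linting rules files before they are compiled.

```python
import re

# Added illustration; names below are hypothetical, not part of Shorewall.
# Set names per the page: start with a letter; then alphanumerics, "-" and "_".
NAME = r"[A-Za-z][A-Za-z0-9_-]*"
ITEM = re.compile(rf"\+?({NAME})(?:\[([^\[\]]*)\])?")

def _flags(spec, default):
    """Expand the bracket contents of one set into a list of src/dst flags."""
    if spec is None:
        return [default]              # bare +myset: the column decides
    if spec.isdigit():
        if int(spec) < 1:
            raise ValueError("repeat count must be at least 1")
        return [default] * int(spec)  # +myset[2] -> src,src or dst,dst
    flags = [f.strip() for f in spec.split(",")]
    bad = [f for f in flags if f not in ("src", "dst")]
    if bad:
        raise ValueError(f"invalid flag(s): {bad}")
    return flags

def _split_top(text):
    """Split on commas that are not inside a [...] flag list."""
    parts, depth, cur = [], 0, ""
    for ch in text:
        depth += (ch == "[") - (ch == "]")
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur]

def parse_ipset_ref(text, column):
    """Return [(setname, [flags])]; a packet must match every entry."""
    default = {"SOURCE": "src", "DEST": "dst"}[column]
    if not text.startswith("+"):
        raise ValueError("ipset references start with a plus sign")
    if text.startswith("+[") and text.endswith("]"):
        items = _split_top(text[2:-1])   # +[set1,set2[dst]] list form
    else:
        items = [text]
    out = []
    for item in items:
        m = ITEM.fullmatch(item.strip())
        if not m:
            raise ValueError(f"malformed set reference: {item!r}")
        out.append((m.group(1), _flags(m.group(2), default)))
    return out
```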