This module adds and/or deletes entries from IP sets which can be defined
by ipset(8).
.TP
\fB\-\-add\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
add the address(es)/port(s) of the packet to the set
.TP
\fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
delete the address(es)/port(s) of the packet from the set
.TP
\fB\-\-map\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
[\-\-map\-mark] [\-\-map\-prio] [\-\-map\-queue]
map packet properties (firewall mark, tc priority, hardware queue)
.IP
where \fIflag\fP(s) are
.BR "src"
and/or
.BR "dst"
specifications and there can be no more than six of them.
.TP
\fB\-\-timeout\fP \fIvalue\fP
when adding an entry, the timeout value to use instead of the default
one from the set definition
.TP
\fB\-\-exist\fP
when adding an entry if it already exists, reset the timeout value
to the specified one or to the default from the set definition
.TP
\fB\-\-map\-set\fP \fIset\-name\fP
the set\-name should be created with the \-\-skbinfo option
.TP
\fB\-\-map\-mark\fP
map firewall mark to packet by lookup of value in the set
.TP
\fB\-\-map\-prio\fP
map traffic control priority to packet by lookup of value in the set
.TP
\fB\-\-map\-queue\fP
map hardware NIC queue to packet by lookup of value in the set
.IP
The
\fB\-\-map\-set\fP
option can be used from the mangle table only. The
\fB\-\-map\-prio\fP
and
\fB\-\-map\-queue\fP
flags can be used in the OUTPUT, FORWARD and POSTROUTING chains.
.PP
Use of -j SET requires that ipset kernel support is provided, which, for
standard kernels, is the case since Linux 2.6.39.
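.PP
Added example, not part of the original man page or the iptables project: a POSIX sh script that builds SET rules for a timed blocklist and an skbinfo mapping while enforcing the flag-list and chain limits described above. The function names, the set names scanners and qos, port 23 (assumed to have no listening service) and the address 192.0.2.10 are assumptions; the ipset create/add syntax comes from ipset(8), not from this page.

```shell
#!/bin/sh
# Dry run by default: commands are printed. Run as root with RUN= to apply.
# Set names, the port and the address are constructed for illustration.
RUN=${RUN-echo}

# Flag list rule from this page: "src"/"dst" only, no more than six.
valid_flags() {
    case $1 in ''|*[!a-z,]*|*,) return 1 ;; esac
    n=0; old_ifs=$IFS; IFS=,
    for f in $1; do
        case $f in src|dst) n=$((n + 1)) ;; *) n=99 ;; esac
    done
    IFS=$old_ifs
    [ "$n" -le 6 ]
}

# Timed blocklist: a source that touches an unused port is added for $3
# seconds. SET does not end rule traversal, so the add rule comes first
# and --exist restarts the timer on every further hit before the DROP.
blocklist_rules() {   # args: setname port timeout
    $RUN ipset create "$1" hash:ip timeout 600
    $RUN iptables -A INPUT -p tcp --dport "$2" \
        -j SET --add-set "$1" src --timeout "$3" --exist
    $RUN iptables -A INPUT -m set --match-set "$1" src -j DROP
}

# --map-set is emitted for the mangle table only; --map-prio and
# --map-queue are accepted only in OUTPUT, FORWARD and POSTROUTING.
map_rule() {          # args: chain setname flags map-option...
    chain=$1; name=$2; flags=$3; shift 3
    valid_flags "$flags" || { echo "bad flag list: $flags" >&2; return 1; }
    for o in "$@"; do
        case $o:$chain in
            --map-mark:*) ;;
            --map-prio:OUTPUT|--map-prio:FORWARD|--map-prio:POSTROUTING) ;;
            --map-queue:OUTPUT|--map-queue:FORWARD|--map-queue:POSTROUTING) ;;
            *) echo "$o not allowed in $chain" >&2; return 1 ;;
        esac
    done
    $RUN iptables -t mangle -A "$chain" -j SET --map-set "$name" "$flags" "$@"
}

blocklist_rules scanners 23 3600
$RUN ipset create qos hash:ip skbinfo
$RUN ipset add qos 192.0.2.10 skbmark 0x10 skbprio 1:10 skbqueue 2
map_rule POSTROUTING qos dst --map-mark --map-prio --map-queue
```

The blocklist set is created with timeout support because \-\-timeout and \-\-exist only have an effect on sets that carry timeouts; entries expire on their own, so a mistaken add is temporary.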