| Joszef Kadlecsik | b9a4938 | 2004-12-01 09:11:33 +0000 | [diff] [blame] | 1 | This modules adds and/or deletes entries from IP sets which can be defined |
| 2 | by ipset(8). |
| 3 | .TP |
| Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 4 | \fB\-\-add\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...] |
| Joszef Kadlecsik | b9a4938 | 2004-12-01 09:11:33 +0000 | [diff] [blame] | 5 | add the address(es)/port(s) of the packet to the sets |
| 6 | .TP |
| Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 7 | \fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...] |
| Jozsef Kadlecsik | 2d28001 | 2009-06-11 12:27:09 +0200 | [diff] [blame] | 8 | delete the address(es)/port(s) of the packet from the sets |
| 9 | .IP |
| Joszef Kadlecsik | b9a4938 | 2004-12-01 09:11:33 +0000 | [diff] [blame] | 10 | where flags are |
| 11 | .BR "src" |
| 12 | and/or |
| 13 | .BR "dst" |
| Jozsef Kadlecsik | 2d28001 | 2009-06-11 12:27:09 +0200 | [diff] [blame] | 14 | specifications and there can be no more than six of them. |
| Jozsef Kadlecsik | e39f367 | 2011-04-17 11:38:18 +0200 | [diff] [blame] | 15 | .TP |
| 16 | \fB\-\-timeout\fP \fIvalue\fP |
| 17 | when adding entry, the timeout value to use instead of the default |
| 18 | one from the set definition |
| 19 | .TP |
| 20 | \fB\-\-exist\fP |
| 21 | when adding entry if it already exists, reset the timeout value |
| 22 | to the specified one or to the default from the set definition |
| Jan Engelhardt | cd46b14 | 2010-01-19 18:47:43 +0100 | [diff] [blame] | 23 | .PP |
| 24 | Use of -j SET requires that ipset kernel support is provided. As standard |
| 25 | kernels do not ship this currently, the ipset or Xtables-addons package needs |
| 26 | to be installed. |