summaryrefslogtreecommitdiffstats
path: root/src/ipset.8
Commit message (Collapse)AuthorAgeFilesLines
* Support hostnames and service names with dashJozsef Kadlecsik2012-01-141-0/+6
| | | | | | | | The square brackets are introduced as an escape mechanism to enter hostnames or service names with dash in order to avoid mixing up the dash in the name with the range notation. Problem reported by Stephen Hemminger and Marc Guardiola.
* Exceptions support added to hash:*net* typesJozsef Kadlecsik2012-01-131-6/+23
| | | | | | | | | | | | The "nomatch" keyword and option is added to the hash:*net* types, by which one can add exception entries to sets. Example: ipset create test hash:net ipset add test 192.168.0/24 ipset add test 192.168.0/30 nomatch In this case the IP addresses from 192.168.0/24 except 192.168.0/30 match the elements of the set.
* Update the manpage and document the limits in hash:net,iface.Jozsef Kadlecsik2011-07-111-1/+5
|
* hash:net,iface type introducedJozsef Kadlecsik2011-05-301-2/+69
| | | | | | | | | | The hash:net,iface type makes possible to store network address and interface name pairs in a set. It's mostly suitable for egress and ingress filtering. Examples: # ipset create test hash:net,iface # ipset add test 192.168.0.0/16,eth0 # ipset add test 192.168.0.0/24,eth1
* Support range for IPv4 at adding/deleting elements for hash:*net* typesJozsef Kadlecsik2011-05-151-13/+29
| | | | | | | | | | | | | | | | | | | The range internally is converted to the network(s) equal to the range. Example: # ipset new test hash:net # ipset add test 10.2.0.0-10.2.1.12 # ipset list test Name: test Type: hash:net Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16888 References: 0 Members: 10.2.1.12 10.2.1.0/29 10.2.0.0/24 10.2.1.8/30
* Support listing setnames and headers tooJozsef Kadlecsik2011-04-181-4/+16
| | | | | | Current listing makes possible to list sets with full content only. The patch adds support partial listings, i.e. listing just the existing setnames or listing set headers, without set members.
* bitmap:ip,mac type requires "src" for MACJozsef Kadlecsik2011-04-081-3/+4
| | | | | | | | | Enforce that the second "src/dst" parameter of the set match and SET target must be "src", because we have access to the source MAC only in the packet. The previous behaviour, that the type required the second parameter but actually ignored the value was counter-intuitive and confusing. Manpage is updated to reflect the change.
* Manpage updateJozsef Kadlecsik2011-03-271-0/+2
|
* SCTP, UDPLITE support addedJozsef Kadlecsik2011-03-181-10/+17
| | | | SCTP and UDPLITE port support added to the hash:*port* types.
* Updated manpage to reflect wider input possibilities in the ipset tool.Jozsef Kadlecsik2010-12-171-41/+45
|
* Manpage cleanups, so it's more clear and straightforward.Jozsef Kadlecsik2010-12-151-20/+20
|
* Document which elements cannot be stored in the different hash types.Jozsef Kadlecsik2010-12-141-4/+13
| | | | And enforce from kernel side as well...
* Manpage and help text fixes.v5.0-pre10Jozsef Kadlecsik2010-11-021-37/+108
| | | | | | | The manpage is updated to reflect the recent modifications and the addition of the hash:net,port type. The help text of hash:ip is updated: adding/deleting multiple entries are supported for IPv4 only.
* Fixes, cleanups, commentsv5.0-pre8Jozsef Kadlecsik2010-10-241-30/+32
| | | | | | | | | | | | | | | | | | | - More comments added to the code - ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip and hash:ip,port,net types - hash:net and hash:ip,port,net types are reworked - hash:net,port type added - Wrong direction parameters fixed in hash:ip,port - Helps and manpage are updated - More tests added - Ugly macros are rewritten to functions in parse.c (Holger Eitzenberger) - resize related bug in hash types fixed (Holger Eitzenberger) - autoreconf patches by Jan Engelhardt applied - netlink patch minimalized: dumping can be initialized by a second parsing of the message (thanks to David and Patrick for the suggestion) - IPv4/IPv6 address attributes are introduced in order to fix the context (suggested by David)
* Compatibility and documentation fixesv5.0-pre6Jozsef Kadlecsik2010-07-131-26/+26
| | | | | | | Makefile fixes: compiler flags README and manpage fixes Compatibility with newer gcc releases (4.4.x) Compatibility with the 2.6.35 kernel tree
* ipset 5: IPv6 port related and manpage fixes, more testsv5.0-pre4Jozsef Kadlecsik2010-06-251-32/+36
| | | | | | - getting ports for family INET6 fixed - more manpage polishing - tests to check the iptables/ip6tables match and target added
* ipset 5: last new feature addedv5.0-pre3Jozsef Kadlecsik2010-06-221-33/+63
| | | | | | | | | | | - the hash types can now store protocol together port, not only port - lots of fixes everywhere: parser, error reporting, manpage The last bits on the todo list before announcing ipset 5: - recheck all the error messages - add possibly more tests - polish manpage
* ipset 5 in an almost ready state - milestonev5.0-pre1Jozsef Kadlecsik2010-06-151-509/+600
| | | | | | | | | | | | Reworked protocol and internal interfaces, missing set types added, backward compatibility verified, lots of tests added (and thanks to the tests, bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere... The missing bits before announcing ipset 5: - net namespace support - new iptables/ip6tables extension library - iptables/ip6tables match and target tests (backward/forward compatibility) - tests on catching syntax errors
* First staget to ipset-5Jozsef Kadlecsik2010-04-221-0/+537
Create src/ and move ipset source there. Get rid of unnecessary and outdated files.