From 584b6eec65563fb15cdff83c93ab3c6187f8ac4c Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Tue, 23 Sep 2014 13:06:36 +0200 Subject: Order create and add options in manpage so that generic ones come first --- src/ipset.8 | 102 ++++++++++++++++++++++++++++++------------------------------ 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/src/ipset.8 b/src/ipset.8 index fb11025..a7bd94f 100644 --- a/src/ipset.8 +++ b/src/ipset.8 @@ -13,7 +13,7 @@ .\" You should have received a copy of the GNU General Public License .\" along with this program; if not, write to the Free Software .\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.TH "IPSET" "8" "Apr 4, 2013" "Jozsef Kadlecsik" "" +.TH "IPSET" "8" "Sep 23, 2014" "Jozsef Kadlecsik" "" .SH "NAME" ipset \(em administration tool for IP sets .SH "SYNOPSIS" @@ -280,49 +280,6 @@ ipset add test 192.168.0.1 timeout 60 .IP ipset \-exist add test 192.168.0.1 timeout 600 .PP -.SS hashsize -This parameter is valid for the \fBcreate\fR command of all \fBhash\fR type sets. -It defines the initial hash size for the set, default is 1024. The hash size must be a power -of two, the kernel automatically rounds up non power of two hash sizes to the first -correct value. -Example: -.IP -ipset create test hash:ip hashsize 1536 -.PP -.SS maxelem -This parameter is valid for the \fBcreate\fR command of all \fBhash\fR type sets. -It does define the maximal number of elements which can be stored in the set, default 65536. -Example: -.IP -ipset create test hash:ip maxelem 2048. -.PP -.SS family { inet | inet6 } -This parameter is valid for the \fBcreate\fR command of all \fBhash\fR type sets -except for hash:mac. -It defines the protocol family of the IP addresses to be stored in the set. The default is -\fBinet\fR, i.e IPv4. -For the \fBinet\fR family one can add or delete multiple entries by specifying -a range or a network of IPv4 addresses in the IP address part of the entry: -.PP -\fIipaddr\fR := { \fIip\fR | \fIfromaddr\fR\-\fItoaddr\fR | \fIip\fR/\fIcidr\fR } -.PP -\fInetaddr\fR := { \fIfromaddr\fR\-\fItoaddr\fR | \fIip\fR/\fIcidr\fR } -.PP -Example: -.IP -ipset create test hash:ip family inet6 -.PP -.SS nomatch -The \fBhash\fR set types which can store \fBnet\fR type of data (i.e. hash:*net*) -support the optional \fBnomatch\fR -option when adding entries. When matching elements in the set, entries marked -as \fBnomatch\fR are skipped as if those were not added to the set, which makes -possible to build up sets with exceptions. See the example at hash type -\fBhash:net\fR below. - -When elements are tested by \fBipset\fR, the \fBnomatch\fR -flags are taken into account. If one wants to test the existence of an element -marked with \fBnomatch\fR in a set, then the flag must be specified too. .SS "counters, packets, bytes" All set types support the optional \fBcounters\fR option when creating a set. If the option is specified then the set is created @@ -359,13 +316,6 @@ ipset add foo 192.168.1.1/24 comment "allow access to SMB share on \\\\\\\\files .IP the above would appear as: "allow access to SMB share on \\\\fileserv\\" .PP -.SS forceadd -All hash set types support the optional \fBforceadd\fR parameter when creating a set. -When sets created with this option become full the next addition to the set may -succeed and evict a random entry from the set. -.IP -ipset create foo hash:ip forceadd -.PP .SS "skbinfo, skbmark, skbprio, skbqueue" All set types support the optional \fBskbinfo\fR extension. This extension allow to store the metainfo (firewall mark, tc class and hardware queue) with every entry and map it to @@ -380,6 +330,56 @@ ipset create foo hash:ip skbinfo .IP ipset add foo skbmark 0x1111/0xff00ffff skbprio 1:10 skbqueue 10 .PP +.SS hashsize +This parameter is valid for the \fBcreate\fR command of all \fBhash\fR type sets. +It defines the initial hash size for the set, default is 1024. The hash size must be a power +of two, the kernel automatically rounds up non power of two hash sizes to the first +correct value. +Example: +.IP +ipset create test hash:ip hashsize 1536 +.PP +.SS maxelem +This parameter is valid for the \fBcreate\fR command of all \fBhash\fR type sets. +It does define the maximal number of elements which can be stored in the set, default 65536. +Example: +.IP +ipset create test hash:ip maxelem 2048. +.PP +.SS family { inet | inet6 } +This parameter is valid for the \fBcreate\fR command of all \fBhash\fR type sets +except for hash:mac. +It defines the protocol family of the IP addresses to be stored in the set. The default is +\fBinet\fR, i.e IPv4. +For the \fBinet\fR family one can add or delete multiple entries by specifying +a range or a network of IPv4 addresses in the IP address part of the entry: +.PP +\fIipaddr\fR := { \fIip\fR | \fIfromaddr\fR\-\fItoaddr\fR | \fIip\fR/\fIcidr\fR } +.PP +\fInetaddr\fR := { \fIfromaddr\fR\-\fItoaddr\fR | \fIip\fR/\fIcidr\fR } +.PP +Example: +.IP +ipset create test hash:ip family inet6 +.PP +.SS nomatch +The \fBhash\fR set types which can store \fBnet\fR type of data (i.e. hash:*net*) +support the optional \fBnomatch\fR +option when adding entries. When matching elements in the set, entries marked +as \fBnomatch\fR are skipped as if those were not added to the set, which makes +possible to build up sets with exceptions. See the example at hash type +\fBhash:net\fR below. + +When elements are tested by \fBipset\fR, the \fBnomatch\fR +flags are taken into account. If one wants to test the existence of an element +marked with \fBnomatch\fR in a set, then the flag must be specified too. +.SS forceadd +All hash set types support the optional \fBforceadd\fR parameter when creating a set. +When sets created with this option become full the next addition to the set may +succeed and evict a random entry from the set. +.IP +ipset create foo hash:ip forceadd +.PP .SH "SET TYPES" .SS bitmap:ip The \fBbitmap:ip\fR set type uses a memory range to store either IPv4 host -- cgit v1.2.3