diff options
author | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org> | 2004-12-01 09:11:33 +0000 |
---|---|---|
committer | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org> | 2004-12-01 09:11:33 +0000 |
commit | dda749a352a17d88b1ce8480e31ebab62cc81d1c (patch) | |
tree | 5417a23ae366ae2c2c0a2d77f625d0ab2772b66f /extensions/libipt_set.man | |
parent | 09fd1f204794bd9411557011098f15cb9c7cdc54 (diff) |
ipset 2 related updates (JK)
Diffstat (limited to 'extensions/libipt_set.man')
-rw-r--r-- | extensions/libipt_set.man | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/extensions/libipt_set.man b/extensions/libipt_set.man new file mode 100644 index 0000000..d280577 --- /dev/null +++ b/extensions/libipt_set.man @@ -0,0 +1,17 @@ +This modules macthes IP sets which can be defined by ipset(8). +.TP +.BR "--set " "setname flag[,flag...]" +where flags are +.BR "src" +and/or +.BR "dst" +and there can be no more than six of them. Hence the command +.nf + iptables -A FORWARD -m set --set test src,dst +.fi +will match packets, for which (depending on the type of the set) the source +address or port number of the packet can be found in the specified set. If +there is a binding belonging to the mached set element or there is a default +binding for the given set, then the rule will match the packet only if +additionally (depending on the type of the set) the destination address or +port number of the packet can be found in the set according to the binding. |