diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-05-15 12:04:19 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-05-15 12:04:19 +0200 |
commit | bb4f6b818fe371b754abd61cffb97cb5145e8e1d (patch) | |
tree | 34fb558facd8bc4ca1f1cdda8cc62eb4fd929e6f /src/ipset.8 | |
parent | 774c80b578172aa7797ea60264e8a929302d5e83 (diff) |
Support range for IPv4 at adding/deleting elements for hash:*net* types
The range internally is converted to the network(s) equal to the range.
Example:
# ipset new test hash:net
# ipset add test 10.2.0.0-10.2.1.12
# ipset list test
Name: test
Type: hash:net
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16888
References: 0
Members:
10.2.1.12
10.2.1.0/29
10.2.0.0/24
10.2.1.8/30
Diffstat (limited to 'src/ipset.8')
-rw-r--r-- | src/ipset.8 | 42 |
1 files changed, 29 insertions, 13 deletions
diff --git a/src/ipset.8 b/src/ipset.8 index 21750fa..90914f4 100644 --- a/src/ipset.8 +++ b/src/ipset.8 @@ -214,7 +214,7 @@ command follows the syntax where the current list of the methods are \fBbitmap\fR, \fBhash\fR, and \fBlist\fR and the possible data types -are \fBip\fR, \fBmac\fR and \fBport\fR. The dimension of a set +are \fBip\fR, \fBnet\fR, \fBmac\fR and \fBport\fR. The dimension of a set is equal to the number of data types in its type name. When adding, deleting or testing entries in a set, the same comma separated @@ -409,13 +409,16 @@ Network address with zero prefix size cannot be stored in this type of sets. .PP \fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] .PP -\fIADD\-ENTRY\fR := \fIip\fR[/\fIcidr\fR] +\fIADD\-ENTRY\fR := \fInetaddr\fR .PP \fIADD\-OPTIONS\fR := [ \fBtimeout\fR \fIvalue\fR ] .PP -\fIDEL\-ENTRY\fR := \fIip\fR[/\fIcidr\fR] +\fIDEL\-ENTRY\fR := \fInetaddr\fR .PP -\fITEST\-ENTRY\fR := \fIip\fR[/\fIcidr\fR] +\fITEST\-ENTRY\fR := \fInetaddr\fR +.PP +where +\fInetaddr\fR := \fIip\fR[/\fIcidr\fR] .PP Optional \fBcreate\fR options: .TP @@ -431,6 +434,11 @@ correct value. \fBmaxelem\fR \fIvalue\fR The maximal number of elements which can be stored in the set, default 65536. .PP +For the \fBinet\fR family one can add or delete multiple entries by specifying +a range, which is converted internally to network(s) equal to the range: +.PP +\fInetaddr\fR := { \fIip\fR[/\fIcidr\fR] | \fIfromaddr\fR\-\fItoaddr\fR } +.PP When adding/deleting/testing entries, if the cidr prefix parameter is not specified, then the host prefix value is assumed. When adding/deleting entries, the exact element is added/deleted and overlapping elements are not checked by the kernel. @@ -539,13 +547,16 @@ address with zero prefix size is not accepted either. .PP \fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] .PP -\fIADD\-ENTRY\fR := \fIipaddr\fR[/\fIcidr\fR],[\fIproto\fR:]\fIport\fR +\fIADD\-ENTRY\fR := \fInetaddr\fR,[\fIproto\fR:]\fIport\fR .PP \fIADD\-OPTIONS\fR := [ \fBtimeout\fR \fIvalue\fR ] .PP -\fIDEL\-ENTRY\fR := \fIipaddr\fR[/\fIcidr\fR],[\fIproto\fR:]\fIport\fR +\fIDEL\-ENTRY\fR := \fInetaddr\fR,[\fIproto\fR:]\fIport\fR .PP -\fITEST\-ENTRY\fR := \fIipaddr\fR[/\fIcidr\fR],[\fIproto\fR:]\fIport\fR +\fITEST\-ENTRY\fR := \fInetaddr\fR,[\fIproto\fR:]\fIport\fR +.PP +where +\fInetaddr\fR := \fIip\fR[/\fIcidr\fR] .PP Optional \fBcreate\fR options: .TP @@ -561,7 +572,8 @@ correct value. \fBmaxelem\fR \fIvalue\fR The maximal number of elements which can be stored in the set, default 65536. .PP -For the +For the \fInetaddr\fR part of the elements +see the description at the \fBhash:net\fR set type. For the [\fIproto\fR:]\fIport\fR part of the elements see the description at the \fBhash:ip,port\fR set type. @@ -645,18 +657,22 @@ address with zero prefix size cannot be stored either. .PP \fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] .PP -\fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIip\fR[/\fIcidr\fR] +\fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fInetaddr\fR .PP \fIADD\-OPTIONS\fR := [ \fBtimeout\fR \fIvalue\fR ] .PP -\fIDEL\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIip\fR[/\fIcidr\fR] +\fIDEL\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fInetaddr\fR .PP -\fITEST\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIip\fR[/\fIcidr\fR] +\fITEST\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fInetaddr\fR .PP -For the first \fIipaddr\fR and +where +\fInetaddr\fR := \fIip\fR[/\fIcidr\fR] +.PP +For the \fIipaddr\fR and [\fIproto\fR:]\fIport\fR parts of the elements see the descriptions at the -\fBhash:ip,port\fR set type. +\fBhash:ip,port\fR set type. For the \fInetaddr\fR part of the elements +see the description at the \fBhash:net\fR set type. .PP Optional \fBcreate\fR options: .TP |