diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-11-05 00:57:12 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-11-05 00:57:44 +0100 |
commit | da6c162ce5fb42fa5439ae0b95c321fb476b9cb7 (patch) | |
tree | 6e0d056af2fcbb4a7cdcb4cdceca8e11c797959f /extensions/libxt_SET.man | |
parent | fd7ff7074f6f189872a485fd02df2cc50e1e4cb4 (diff) | |
parent | 6d9ae2952a440b4ff28e86df6d18b53caa7ecd94 (diff) |
Merge branch 'ipset'
This provides the ipset skbinfo extension.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_SET.man')
-rw-r--r-- | extensions/libxt_SET.man | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/extensions/libxt_SET.man b/extensions/libxt_SET.man index c35ba93d..78a9ae0f 100644 --- a/extensions/libxt_SET.man +++ b/extensions/libxt_SET.man @@ -6,6 +6,10 @@ add the address(es)/port(s) of the packet to the set .TP \fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...] delete the address(es)/port(s) of the packet from the set +.TP +\fB\-\-map\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...] +[\-\-map\-mark] [\-\-map\-prio] [\-\-map\-queue] +map packet properties (firewall mark, tc priority, hardware queue) .IP where \fIflag\fP(s) are .BR "src" @@ -20,6 +24,23 @@ one from the set definition \fB\-\-exist\fP when adding an entry if it already exists, reset the timeout value to the specified one or to the default from the set definition +.TP +\fB\-\-map\-set\fP \fIset\-name\fP +the set-name should be created with --skbinfo option +\fB\-\-map\-mark\fP +map firewall mark to packet by lookup of value in the set +\fB\-\-map\-prio\fP +map traffic control priority to packet by lookup of value in the set +\fB\-\-map\-queue\fP +map hardware NIC queue to packet by lookup of value in the set +.IP +The +\fB\-\-map\-set\fP +option can be used from the mangle table only. The +\fB\-\-map\-prio\fP +and +\fB\-\-map\-queue\fP +flags can be used in the OUTPUT, FORWARD and POSTROUTING chains. .PP Use of -j SET requires that ipset kernel support is provided, which, for standard kernels, is the case since Linux 2.6.39. |