summaryrefslogtreecommitdiffstats
path: root/extensions/libipt_set.man
blob: d280577d9f4e409f3c0cfbb0a0be6ac01010b178 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
This modules macthes IP sets which can be defined by ipset(8).
.TP
.BR "--set " "setname flag[,flag...]"
where flags are
.BR "src"
and/or
.BR "dst" 
and there can be no more than six of them. Hence the command
.nf
 iptables -A FORWARD -m set --set test src,dst
.fi
will match packets, for which (depending on the type of the set) the source
address or port number of the packet can be found in the specified set. If 
there is a binding belonging to the mached set element or there is a default 
binding for the given set, then the rule will match the packet only if 
additionally (depending on the type of the set) the destination address or 
port number of the packet can be found in the set according to the binding.