Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

shorewall-ipsets(5) [debian man page]

SHOREWALL-IPSETS(5)						  [FIXME: manual]					       SHOREWALL-IPSETS(5)

NAME

       ipsets - Specifying the name if an ipset in Shorewall configuration files

SYNOPSIS

       +ipsetname

       +ipsetname[flag,...]

       +[ipsetname,...]

DESCRIPTION

       Note: In the above syntax descriptions, the square brackets ("[]") are to be taken literally rather than as meta-characters.

       In most places where a network address may be entered, an ipset may be substituted. Set names must be prefixed by the character "+", must
       start with a letter and may be composed of alphanumeric characters, "-" and "_".

       Whether the set is matched against the packet source or destination is determined by which column the set name appears (SOURCE or DEST).
       For those set types that specify a tupple, two alternative syntaxes are available:
	   [number] - Indicates that 'src' or
		 'dst' should repleated number times. Example: myset[2].
	   [flag,...] where
		 flag is src or
		 dst. Example: myset[src,dst].

       In a SOURCE column, the following pairs are equivalent:

       o   +myset[2] and +myset[src,src]

       In a DEST column, the following paris are equivalent:

       o   +myset[2] and +myset[dst,dst]

       Beginning with Shorewall 4.4.14, multiple source or destination matches may be specified by enclosing the set names within +[...]. The set
       names need not be prefixed with '+'. When such a list of sets is specified, matching packets must match all of the listed sets.

       For information about set lists and exclusion, see shorewall-exclusion[1] (5).

EXAMPLES

       +myset

       +myset[src]

       +myset[2]

       +[myset1,myset2[dst]]

FILES

       /etc/shorewall/accounting

       /etc/shorewall/blacklist

       /etc/shorewall/hosts -- Note: Multiple matches enclosed in +[...] may not be used in this file.

       /etc/shorewall/maclist -- Note: Multiple matches enclosed in +[...] may not be used in this file.

       /etc/shorewall/masq

       /etc/shorewall/rules

       /etc/shorewall/secmarks

       /etc/shorewall/tcrules

SEE ALSO

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

NOTES

	1. shorewall-exclusion
	   http://www.shorewall.net/manpages/shorewall-exclusion.html

[FIXME: source] 						    06/28/2012						       SHOREWALL-IPSETS(5)

Check Out this Related Man Page

SHOREWALL-PARAMS(5)						  [FIXME: manual]					       SHOREWALL-PARAMS(5)

NAME

       params - Shorewall parameters file

SYNOPSIS

       /etc/shorewall/params

DESCRIPTION

       Assign any shell variables that you need in this file. The file is always processed by /bin/sh or by the shell specified through
       SHOREWALL_SHELL in shorewall.conf[1] (5) so the full range of shell capabilities may be used.

       It is suggested that variable names begin with an upper case letter to distinguish them from variables used internally within the Shorewall
       programs

       The following variable names must be avoided. Those in bold font must be avoided in all Shorewall versions; those in regular font must be
       avoided in versions prior to 4.4.8.
	   Any option from shorewall.conf[1] (5)
	   COMMAND
	   CONFDIR
	   DEBUG
	   ECHO_E
	   ECHO_N
	   EXPORT
	   FAST
	   FILEMODE
	   HOSTNAME
	   IPT_OPTIONS
	   NOROUTES
	   PREVIEW
	   PRODUCT
	   PROFILE
	   PURGE
	   RECOVERING
	   RESTOREPATH
	   RING_BELL
	   SHAREDIR
	   Any name beginning with SHOREWALL_ or
		 SW_
	   STOPPING
	   TEST
	   TIMESTAMP
	   USE_VERBOSITY
	   VARDIR
	   VERBOSE
	   VERBOSE_OFFSET
	   VERSION

       Example params file:

	   NET_IF=eth0
	   NET_BCAST=130.252.100.255
	   NET_OPTIONS=routefilter,norfc1918

       Example shorewall-interfaces[2](5) file.

	   ZONE    INTERFACE	   BROADCAST	   OPTIONS
	   net	   $NET_IF	   $NET_BCAST	   $NET_OPTIONS

       This is the same as if the interfaces file had contained:

	   ZONE    INTERFACE	   BROADCAST	   OPTIONS
	   net	   eth0 	   130.252.100.255 routefilter,norfc1918

FILES

       /etc/shorewall/params

SEE ALSO

       http://www.shorewall.net/configuration_file_basics.htm#Variables[3]

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

NOTES

	1. shorewall.conf
	   http://www.shorewall.net/manpages/shorewall.conf.html

	2. shorewall-interfaces
	   http://www.shorewall.net/manpages/shorewall-interfaces.html

	3. http://www.shorewall.net/configuration_file_basics.htm#Variables
	   http://www.shorewall.net/configuration_file_basics.htm#Variables?

[FIXME: source] 						    06/28/2012						       SHOREWALL-PARAMS(5)
Man Page