Provided by: shorewall6_4.4.26.1-1_all bug


       ipsets - Specifying the name if an ipset in Shorewall6 configuration files






       Note: In the above syntax descriptions, the square brackets ("[]") are to be taken
       literally rather than as meta-characters.

       In most places where a network address may be entered, an ipset may be substituted. Set
       names must be prefixed by the character "+", must start with a letter and may be composed
       of alphanumeric characters, "-" and "_".

       Whether the set is matched against the packet source or destination is determined by which
       column the set name appears (SOURCE or DEST). For those set types that specify a tupple,
       two alternative syntaxes are available:
           [number] - Indicates that 'src' or
                 'dst' should repleated number times. Example: myset[2].
           [flag,...] where
                 flag is src or
                 dst. Example: myset[src,dst].

       In a SOURCE column, the following pairs are equivalent:

       ·   +myset[2] and +myset[src,src]

       In a DEST column, the following paris are equivalent:

       ·   +myset[2] and +myset[dst,dst]

       Beginning with Shorewall 4.4.14, multiple source or destination matches may be specified
       by enclosing the set names within +[...]. The set names need not be prefixed with '+'.
       When such a list of sets is specified, matching packets must match all of the listed sets.

       For information about set lists and exclusion, see shorewall-exclusion[1] (5).









       /etc/shorewall6/hosts -- Note: Multiple matches enclosed in +[...] may not be used in this

       /etc/shorewall6/maclist -- Note: Multiple matches enclosed in +[...] may not be used in
       this file.





       shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5),
       shorewall6-interfaces(5), shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
       shorewall6-policy(5), shorewall6-providers(5), shorewall6-route_rules(5),
       shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
       shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
       shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)


        1. shorewall-exclusion

[FIXME: source]                             12/13/2011                        SHOREWALL-IPSETS(5)