Provided by: shorewall6_4.4.26.1-1_all bug


       ipsets - Specifying the name if an ipset in Shorewall6 configuration






       Note: In the above syntax descriptions, the square brackets ("[]") are
       to be taken literally rather than as meta-characters.

       In most places where a network address may be entered, an ipset may be
       substituted. Set names must be prefixed by the character "+", must
       start with a letter and may be composed of alphanumeric characters, "-"
       and "_".

       Whether the set is matched against the packet source or destination is
       determined by which column the set name appears (SOURCE or DEST). For
       those set types that specify a tupple, two alternative syntaxes are
           [number] - Indicates that 'src' or
                 'dst' should repleated number times. Example: myset[2].
           [flag,...] where
                 flag is src or
                 dst. Example: myset[src,dst].

       In a SOURCE column, the following pairs are equivalent:

       ·   +myset[2] and +myset[src,src]

       In a DEST column, the following paris are equivalent:

       ·   +myset[2] and +myset[dst,dst]

       Beginning with Shorewall 4.4.14, multiple source or destination matches
       may be specified by enclosing the set names within +[...]. The set
       names need not be prefixed with '+'. When such a list of sets is
       specified, matching packets must match all of the listed sets.

       For information about set lists and exclusion, see
       shorewall-exclusion[1] (5).









       /etc/shorewall6/hosts -- Note: Multiple matches enclosed in +[...] may
       not be used in this file.

       /etc/shorewall6/maclist -- Note: Multiple matches enclosed in +[...]
       may not be used in this file.





       shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5),
       shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
       shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
       shorewall6-providers(5), shorewall6-route_rules(5),
       shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
       shorewall6-secmarks(5), shorewall6-tcclasses(5),
       shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5),
       shorewall6-tunnels(5), shorewall6-zones(5)


        1. shorewall-exclusion

[FIXME: source]                   12/13/2011               SHOREWALL-IPSETS(5)