blob: c35ba93d1704c0f412cce225c830250c58c74de4 [file] [log] [blame]
This module adds and/or deletes entries from IP sets which can be defined
by ipset(8).
\fB\-\-add\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
add the address(es)/port(s) of the packet to the set
\fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
delete the address(es)/port(s) of the packet from the set
where \fIflag\fP(s) are
.BR "src"
.BR "dst"
specifications and there can be no more than six of them.
\fB\-\-timeout\fP \fIvalue\fP
when adding an entry, the timeout value to use instead of the default
one from the set definition
when adding an entry if it already exists, reset the timeout value
to the specified one or to the default from the set definition
Use of -j SET requires that ipset kernel support is provided, which, for
standard kernels, is the case since Linux 2.6.39.