"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "manpages/shorewall-ipsets.xml" between
shorewall-docs-xml-5.2.3.6.tar.bz2 and shorewall-docs-xml-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall (documentation; XML)

shorewall-ipsets.xml  (shorewall-docs-xml-5.2.3.6.tar.bz2):shorewall-ipsets.xml  (shorewall-docs-xml-5.2.6.tar.bz2)
skipping to change at line 84 skipping to change at line 84
<para>+myset[2] and +myset[dst,dst]</para> <para>+myset[2] and +myset[dst,dst]</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>Beginning with Shorewall 4.4.14, multiple source or destination <para>Beginning with Shorewall 4.4.14, multiple source or destination
matches may be specified by enclosing the set names within +[...]. The set matches may be specified by enclosing the set names within +[...]. The set
names need not be prefixed with '+'. When such a list of sets is names need not be prefixed with '+'. When such a list of sets is
specified, matching packets must match all of the listed sets.</para> specified, matching packets must match all of the listed sets.</para>
<para>For information about set lists and exclusion, see <ulink <para>For information about set lists and exclusion, see <ulink
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink> url="shorewall-exclusion.html">shorewall-exclusion</ulink>
(5).</para> (5).</para>
<para>Beginning with Shorewall 4.5.16, you can increment one or more <para>Beginning with Shorewall 4.5.16, you can increment one or more
nfacct objects each time a packet matches an ipset. You do that by listing nfacct objects each time a packet matches an ipset. You do that by listing
the objects separated by commas within parentheses.</para> the objects separated by commas within parentheses.</para>
<para>Example:</para> <para>Example:</para>
<simplelist> <simplelist>
<member>+myset[src](myobject)</member> <member>+myset[src](myobject)</member>
skipping to change at line 106 skipping to change at line 106
<para>In that example, when the source address of a packet matches the <para>In that example, when the source address of a packet matches the
<emphasis role="bold">myset</emphasis> ipset, the <emphasis <emphasis role="bold">myset</emphasis> ipset, the <emphasis
role="bold">myobject</emphasis> nfacct counter will be incremented.</para> role="bold">myobject</emphasis> nfacct counter will be incremented.</para>
<para>Beginning with Shorewall 4.6.0, an ipset name (and src/dst list, if <para>Beginning with Shorewall 4.6.0, an ipset name (and src/dst list, if
any) can be immediately be followed by a list of match options.</para> any) can be immediately be followed by a list of match options.</para>
<important> <important>
<para>These additional match options are not available in <ulink <para>These additional match options are not available in <ulink
url="/manpages/shorewall-tcfilters.html">shorewall-tcfilters(5)</ulink>.</ para> url="shorewall-tcfilters.html">shorewall-tcfilters(5)</ulink>.</para>
</important> </important>
<para>Available options are:</para> <para>Available options are:</para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term>nomatch</term> <term>nomatch</term>
<listitem> <listitem>
<para>If the set type supports the nomatch flag, then the matching <para>If the set type supports the nomatch flag, then the matching
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)