Warn uses that ipset docs may not be current

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8864 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-11-10 16:51:03 +00:00
parent a902e71a0a
commit 0e7c81fdeb

View File

@ -171,8 +171,13 @@ ACCEPT +sshok $FW tcp 22</programlisting></para>
<para>As mentioned above, ipsets are well suited for large blacklists. You
can maintain your blacklist using the 'ipset' utility without ever having
to restart or refresh Shorewall. If you use the SAVE_IPSETS=Yes feature
just be sure to "shorewall save" after altering the blacklist ipset(s).
Example:</para>
just be sure to "shorewall save" after altering the blacklist
ipset(s).</para>
<para>Example (Note -- this example is applicable to ipset versions up to
and including 2.4. In 2.5, the binding feature of ipsets is scheduled for
removal in favor of different set types that include both IP addresses and
port numbers. Check your ipset documentation):</para>
<para><filename>/etc/shorewall/blacklist</filename>:</para>
@ -228,4 +233,4 @@ dyn eth3:+Dyn</programlisting>
you're all set. You can add and delete addresses from Dyn without having
to touch Shorewall.</para>
</section>
</article>
</article>