extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-04-15 14:58:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Warn uses that ipset docs may not be current

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8864 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-11-10 16:51:03 +00:00
parent a902e71a0a
commit 0e7c81fdeb
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docs/ipsets.xml
View File

@ -171,8 +171,13 @@ ACCEPT +sshok $FW tcp 22</programlisting></para>
<para>As mentioned above, ipsets are well suited for large blacklists. You <para>As mentioned above, ipsets are well suited for large blacklists. You
can maintain your blacklist using the 'ipset' utility without ever having can maintain your blacklist using the 'ipset' utility without ever having
to restart or refresh Shorewall. If you use the SAVE_IPSETS=Yes feature to restart or refresh Shorewall. If you use the SAVE_IPSETS=Yes feature
just be sure to "shorewall save" after altering the blacklist ipset(s). just be sure to "shorewall save" after altering the blacklist
Example:</para> ipset(s).</para>
<para>Example (Note -- this example is applicable to ipset versions up to
and including 2.4. In 2.5, the binding feature of ipsets is scheduled for
removal in favor of different set types that include both IP addresses and
port numbers. Check your ipset documentation):</para>
<para><filename>/etc/shorewall/blacklist</filename>:</para> <para><filename>/etc/shorewall/blacklist</filename>:</para>
@ -228,4 +233,4 @@ dyn eth3:+Dyn</programlisting>
you're all set. You can add and delete addresses from Dyn without having you're all set. You can add and delete addresses from Dyn without having
to touch Shorewall.</para> to touch Shorewall.</para>
</section> </section>
</article> </article>