From d3eebde464d05869c77b4242798ffd4fdc17644f Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 8 Nov 2017 10:56:57 -0800 Subject: [PATCH] Add another restriction for SAVE_IPSETS=Yes Signed-off-by: Tom Eastep --- docs/ipsets.xml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/docs/ipsets.xml b/docs/ipsets.xml index 0a807698c..825fd1329 100644 --- a/docs/ipsets.xml +++ b/docs/ipsets.xml @@ -56,12 +56,13 @@ xtables-addons if they are not available in your current distribution. Instructions for installing xtables-addons may be found in the Dynamic Zones article. - Note that xtables-addons might not be required - with the 'ipset' package provided by your distribution. - See also the section capabilities - in the configuration file basics article - and the Shorecap program. + url="Dynamic.html">Dynamic Zones article. Note that xtables-addons + might not be required with the 'ipset' package provided by your + distribution. See also the section capabilities in + the configuration file basics + article and the Shorecap + program. Ipset allows you to create one or more named sets of addresses then use those sets to define Netfilter/iptables rules. Possible uses of ipsets @@ -151,6 +152,11 @@ ACCEPT net:+sshok $FW tcp 22 url="manpages/shorewall.conf.html">shorewall.conf (5). + + You must have at least one entry in the other configuration + files that uses an ipset. + + You cannot use an ipset in shorewall-stoppedrules
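Review bot: In the first hunk (@@ -56,12 +56,13 @@), the change to the xtables-addons paragraph appears, from the visible text, to be a re-wrap only: the sentences "Note that xtables-addons might not be required ..." and "See also the section capabilities ..." read the same before and after. That is unrelated to the subject line "Add another restriction for SAVE_IPSETS=Yes" and accounts for most of the 12 insertions and 6 deletions. Consider moving the reflow into a separate whitespace-only commit so the documentation change for SAVE_IPSETS is the only thing a reader of this diff has to verify.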
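Review bot: In the second hunk (@@ -151,6 +152,11 @@), the new restriction "You must have at least one entry in the other configuration files that uses an ipset." does not say which files count as "the other configuration files" or what happens when the condition is not met, for example whether the ipsets are simply not saved or whether an error is raised. Since this sits in the list of SAVE_IPSETS=Yes restrictions next to "You cannot use an ipset in shorewall-stoppedrules", suggest naming the files (or stating which ones are excluded) and adding the consequence. The commit message also has no body, so a line explaining why the restriction exists would help future readers.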