forked from extern/shorewall_code
Warn users that ipset docs may not be current
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8864 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
a902e71a0a
commit
0e7c81fdeb
@ -171,8 +171,13 @@ ACCEPT +sshok $FW tcp 22</programlisting></para>
|
||||
<para>As mentioned above, ipsets are well suited for large blacklists. You
|
||||
can maintain your blacklist using the 'ipset' utility without ever having
|
||||
to restart or refresh Shorewall. If you use the SAVE_IPSETS=Yes feature
|
||||
just be sure to "shorewall save" after altering the blacklist ipset(s).
|
||||
Example:</para>
|
||||
just be sure to "shorewall save" after altering the blacklist
|
||||
ipset(s).</para>
|
||||
|
||||
<para>Example (Note -- this example is applicable to ipset versions up to
|
||||
and including 2.4. In 2.5, the binding feature of ipsets is scheduled for
|
||||
removal in favor of different set types that include both IP addresses and
|
||||
port numbers. Check your ipset documentation):</para>
|
||||
|
||||
<para><filename>/etc/shorewall/blacklist</filename>:</para>
|
||||
|
||||
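Review bot: The version caveat in the new "Example (Note -- ...)" paragraph is packed into a three-sentence parenthetical that ends in "):", so the lead-in to the /etc/shorewall/blacklist listing is easy to lose. Consider moving the caveat into its own <note> element and keeping a short "Example:" paragraph in front of the listing. The phrase "is scheduled for removal" in 2.5 will also go stale once that release ships; wording that says the example relies on ipset bindings and applies only to versions that still support them (up to and including 2.4) would age better, and would tell readers what to look for when they "Check your ipset documentation".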
@ -228,4 +233,4 @@ dyn eth3:+Dyn</programlisting>
|
||||
you're all set. You can add and delete addresses from Dyn without having
|
||||
to touch Shorewall.</para>
|
||||
</section>
|
||||
</article>
|
||||
</article>
|
||||
|
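Review bot: The closing </article> line appears twice here while the header gives four lines on both sides (-228,4 +233,4), which suggests the last line was removed and re-added with no visible text change, most likely a whitespace or end-of-file newline difference. If that is unintentional, drop it from the commit so the change stays limited to the ipset version warning; if it is intentional, mention it in the commit message.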