forked from extern/shorewall_code
Update ipset doc for 5.0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
745e04823d
commit
3277bd991b
@ -107,13 +107,13 @@
|
||||
|
||||
<para>Example 1: Blacklist all hosts in an ipset named "blacklist"</para>
|
||||
|
||||
<para><filename>/etc/shorewall/blacklist</filename><programlisting>#ADDRESS/SUBNET PROTOCOL PORT
|
||||
+blacklist</programlisting></para>
|
||||
<para><filename>/etc/shorewall/blrules</filename><programlisting>#ACTION SOURCE DEST PROTO DPORT
|
||||
DROP net:+blacklist</programlisting></para>
|
||||
|
||||
<para>Example 2: Allow SSH from all hosts in an ipset named "sshok:</para>
|
||||
|
||||
<para><filename>/etc/shorewall/rules</filename><programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
|
||||
ACCEPT net:+sshok $FW tcp 22</programlisting></para>
|
||||
<para><filename>/etc/shorewall/rules</filename><programlisting>#ACTION SOURCE DEST PROTO DPORT
|
||||
ACCEPT net:+sshok $FW tcp 22</programlisting></para>
|
||||
|
||||
<para>The name of the ipset can be optionally followed by a
|
||||
comma-separated list of flags enclosed in square brackets ([...]). Each
|
||||
|
Loading…
Reference in New Issue
Block a user