holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

More ipset article tweaks

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2014-10-07 13:37:56 -07:00
parent 0cd694370e
commit 7771e5d48f
1 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
docs/ipsets.xml
View File

@ -179,22 +179,25 @@ ACCEPT net:+sshok $FW tcp 22</programlisting></para>
<para>Beginning with Shorewall 4.6.4, SAVE_IPSETS is available in <ulink <para>Beginning with Shorewall 4.6.4, SAVE_IPSETS is available in <ulink
url="manpages6/shorewall6.conf.html">shorewall6-conf(5)</ulink>. When set url="manpages6/shorewall6.conf.html">shorewall6-conf(5)</ulink>. When set
to Yes, the ipv6 ipsets will be set. You can also save selective ipsets by to Yes, the ipv6 ipsets will be saved. You can also save selective ipsets
setting SAVE_IPSETS to a comma-separated list of ipset names.</para> by setting SAVE_IPSETS to a comma-separated list of ipset names.</para>
<para>Prior to Shorewall 4.6.4, SAVE_IPSETS=Yes in shorewall.conf won't <para>Prior to Shorewall 4.6.4, SAVE_IPSETS=Yes in <ulink
work correctly because it saves both IPv4 and IPv6 ipsets. To work around url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> won't work
this issue, Shorewall-init is capable restoring ipset contents during correctly because it saves both IPv4 and IPv6 ipsets. To work around this
'start' and saving them during 'stop'. To direct Shorewall-init to issue, Shorewall-init is capable restoring ipset contents during 'start'
save/restore ipset contents, set the SAVE_IPSETS option in and saving them during 'stop'. To direct Shorewall-init to save/restore
ipset contents, set the SAVE_IPSETS option in
/etc/sysconfig/shorewall-init (/etc/default/shorewall-init on Debian and /etc/sysconfig/shorewall-init (/etc/default/shorewall-init on Debian and
derivatives). The value of the option is a file name where the contents of derivatives). The value of the option is a file name where the contents of
the ipsets will be save to and restored from. Shorewall-init will create the ipsets will be save to and restored from. Shorewall-init will create
any necessary directories during the first 'save' operation. If you any necessary directories during the first 'save' operation.</para>
configure Shorewall-init to save/restore ipsets, be sure to set
SAVE_IPSETS=No in shorewall.conf and shorewall6.conf. If you configure <para>If you configure Shorewall-init to save/restore ipsets, be sure to
SAVE_IPSETS in both <ulink set SAVE_IPSETS=No in shorewall.conf and shorewall6.conf.</para>
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> and <ulink
<para>If you configure SAVE_IPSETS in <ulink
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> and/or <ulink
url="manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink> then do url="manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink> then do
not set SAVE_IPSETS in shorewall-init.</para> not set SAVE_IPSETS in shorewall-init.</para>
</section> </section>