1This module adds and/or deletes entries from IP sets which can be defined 2by ipset(8). 3.TP 4\fB\-\-add\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...] 5add the address(es)/port(s) of the packet to the set 6.TP 7\fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...] 8delete the address(es)/port(s) of the packet from the set 9.TP 10\fB\-\-map\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...] 11[\-\-map\-mark] [\-\-map\-prio] [\-\-map\-queue] 12map packet properties (firewall mark, tc priority, hardware queue) 13.IP 14where \fIflag\fP(s) are 15.BR "src" 16and/or 17.BR "dst" 18specifications and there can be no more than six of them. 19.TP 20\fB\-\-timeout\fP \fIvalue\fP 21when adding an entry, the timeout value to use instead of the default 22one from the set definition 23.TP 24\fB\-\-exist\fP 25when adding an entry if it already exists, reset the timeout value 26to the specified one or to the default from the set definition 27.TP 28\fB\-\-map\-set\fP \fIset\-name\fP 29the set-name should be created with --skbinfo option 30\fB\-\-map\-mark\fP 31map firewall mark to packet by lookup of value in the set 32\fB\-\-map\-prio\fP 33map traffic control priority to packet by lookup of value in the set 34\fB\-\-map\-queue\fP 35map hardware NIC queue to packet by lookup of value in the set 36.IP 37The 38\fB\-\-map\-set\fP 39option can be used from the mangle table only. The 40\fB\-\-map\-prio\fP 41and 42\fB\-\-map\-queue\fP 43flags can be used in the OUTPUT, FORWARD and POSTROUTING chains. 44.PP 45Use of \-j SET requires that ipset kernel support is provided, which, for 46standard kernels, is the case since Linux 2.6.39. 47