xref: /aosp_15_r20/external/iptables/extensions/libxt_SET.man (revision a71a954618bbadd4a345637e5edcf36eec826889) 
1*a71a9546SAutomerger Merge WorkerThis module adds and/or deletes entries from IP sets which can be defined
2*a71a9546SAutomerger Merge Workerby ipset(8).
3*a71a9546SAutomerger Merge Worker.TP
4*a71a9546SAutomerger Merge Worker\fB\-\-add\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
5*a71a9546SAutomerger Merge Workeradd the address(es)/port(s) of the packet to the set
6*a71a9546SAutomerger Merge Worker.TP
7*a71a9546SAutomerger Merge Worker\fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
8*a71a9546SAutomerger Merge Workerdelete the address(es)/port(s) of the packet from the set
9*a71a9546SAutomerger Merge Worker.TP
10*a71a9546SAutomerger Merge Worker\fB\-\-map\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
11*a71a9546SAutomerger Merge Worker[\-\-map\-mark] [\-\-map\-prio] [\-\-map\-queue]
12*a71a9546SAutomerger Merge Workermap packet properties (firewall mark, tc priority, hardware queue)
13*a71a9546SAutomerger Merge Worker.IP
14*a71a9546SAutomerger Merge Workerwhere \fIflag\fP(s) are
15*a71a9546SAutomerger Merge Worker.BR "src"
16*a71a9546SAutomerger Merge Workerand/or
17*a71a9546SAutomerger Merge Worker.BR "dst"
18*a71a9546SAutomerger Merge Workerspecifications and there can be no more than six of them.
19*a71a9546SAutomerger Merge Worker.TP
20*a71a9546SAutomerger Merge Worker\fB\-\-timeout\fP \fIvalue\fP
21*a71a9546SAutomerger Merge Workerwhen adding an entry, the timeout value to use instead of the default
22*a71a9546SAutomerger Merge Workerone from the set definition
23*a71a9546SAutomerger Merge Worker.TP
24*a71a9546SAutomerger Merge Worker\fB\-\-exist\fP
25*a71a9546SAutomerger Merge Workerwhen adding an entry if it already exists, reset the timeout value
26*a71a9546SAutomerger Merge Workerto the specified one or to the default from the set definition
27*a71a9546SAutomerger Merge Worker.TP
28*a71a9546SAutomerger Merge Worker\fB\-\-map\-set\fP \fIset\-name\fP
29*a71a9546SAutomerger Merge Workerthe set-name should be created with --skbinfo option
30*a71a9546SAutomerger Merge Worker\fB\-\-map\-mark\fP
31*a71a9546SAutomerger Merge Workermap firewall mark to packet by lookup of value in the set
32*a71a9546SAutomerger Merge Worker\fB\-\-map\-prio\fP
33*a71a9546SAutomerger Merge Workermap traffic control priority to packet by lookup of value in the set
34*a71a9546SAutomerger Merge Worker\fB\-\-map\-queue\fP
35*a71a9546SAutomerger Merge Workermap hardware NIC queue to packet by lookup of value in the set
36*a71a9546SAutomerger Merge Worker.IP
37*a71a9546SAutomerger Merge WorkerThe
38*a71a9546SAutomerger Merge Worker\fB\-\-map\-set\fP
39*a71a9546SAutomerger Merge Workeroption can be used from the mangle table only. The
40*a71a9546SAutomerger Merge Worker\fB\-\-map\-prio\fP
41*a71a9546SAutomerger Merge Workerand
42*a71a9546SAutomerger Merge Worker\fB\-\-map\-queue\fP
43*a71a9546SAutomerger Merge Workerflags can be used in the OUTPUT, FORWARD and POSTROUTING chains.
44*a71a9546SAutomerger Merge Worker.PP
45*a71a9546SAutomerger Merge WorkerUse of \-j SET requires that ipset kernel support is provided, which, for
46*a71a9546SAutomerger Merge Workerstandard kernels, is the case since Linux 2.6.39.
47