1 This modules adds and/or deletes entries from IP sets which can be defined 2 by ipset(8). 3 .TP 4 \fB\-\-add\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...] 5 add the address(es)/port(s) of the packet to the sets 6 .TP 7 \fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...] 8 delete the address(es)/port(s) of the packet from the sets 9 .IP 10 where flags are 11 .BR "src" 12 and/or 13 .BR "dst" 14 specifications and there can be no more than six of them. 15 .TP 16 \fB\-\-timeout\fP \fIvalue\fP 17 when adding entry, the timeout value to use instead of the default 18 one from the set definition 19 .TP 20 \fB\-\-exist\fP 21 when adding entry if it already exists, reset the timeout value 22 to the specified one or to the default from the set definition 23 .PP 24 Use of -j SET requires that ipset kernel support is provided. As standard 25 kernels do not ship this currently, the ipset or Xtables-addons package needs 26 to be installed. 27
