1 This module adds and/or deletes entries from IP sets which can be defined 2 by ipset(8). 3 .TP 4 \fB\-\-add\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...] 5 add the address(es)/port(s) of the packet to the set 6 .TP 7 \fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...] 8 delete the address(es)/port(s) of the packet from the set 9 .TP 10 \fB\-\-map\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...] 11 [\-\-map\-mark] [\-\-map\-prio] [\-\-map\-queue] 12 map packet properties (firewall mark, tc priority, hardware queue) 13 .IP 14 where \fIflag\fP(s) are 15 .BR "src" 16 and/or 17 .BR "dst" 18 specifications and there can be no more than six of them. 19 .TP 20 \fB\-\-timeout\fP \fIvalue\fP 21 when adding an entry, the timeout value to use instead of the default 22 one from the set definition 23 .TP 24 \fB\-\-exist\fP 25 when adding an entry if it already exists, reset the timeout value 26 to the specified one or to the default from the set definition 27 .TP 28 \fB\-\-map\-set\fP \fIset\-name\fP 29 the set-name should be created with --skbinfo option 30 \fB\-\-map\-mark\fP 31 map firewall mark to packet by lookup of value in the set 32 \fB\-\-map\-prio\fP 33 map traffic control priority to packet by lookup of value in the set 34 \fB\-\-map\-queue\fP 35 map hardware NIC queue to packet by lookup of value in the set 36 .IP 37 The 38 \fB\-\-map\-set\fP 39 option can be used from the mangle table only. The 40 \fB\-\-map\-prio\fP 41 and 42 \fB\-\-map\-queue\fP 43 flags can be used in the OUTPUT, FORWARD and POSTROUTING chains. 44 .PP 45 Use of -j SET requires that ipset kernel support is provided, which, for 46 standard kernels, is the case since Linux 2.6.39. 47
