File: firewalld.ipset.xml

package info (click to toggle)
firewalld 2.4.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 28,900 kB
  • sloc: sh: 242,081; python: 29,155; xml: 13,238; makefile: 929
file content (161 lines) | stat: -rw-r--r-- 4,735 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
 
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[
<!ENTITY authors SYSTEM "authors.xml">
<!ENTITY seealso SYSTEM "seealso.xml">
<!ENTITY notes SYSTEM "notes.xml">
]>

<!--
  SPDX-License-Identifier: GPL-2.0-or-later

  This file is part of firewalld.

  Copyright (C) 2010-2013 Red Hat, Inc.

  Authors:
  Thomas Woerner <twoerner@redhat.com>
-->

<refentry id="firewalld.ipset">

  <refentryinfo>
    <title>firewalld.ipset</title>
    <productname>firewalld</productname>
    &authors;
  </refentryinfo>

  <refmeta>
    <refentrytitle>firewalld.ipset</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>firewalld.ipset</refname>
    <refpurpose>firewalld ipset configuration files</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para>
      <programlisting>
<filename><config.sysconfdir/>/firewalld/ipsets/ipset.xml</filename>
<filename><config.prefix/>/lib/firewalld/ipsets/ipset.xml</filename>
      </programlisting>
    </para>
  </refsynopsisdiv>

  <refsect1 id="description">
    <title>Description</title>

    <para>
      A firewalld ipset configuration file provides the information of an ip set for firewalld. The most important configuration options are type, option and entry.
    </para>

    <para>
      This example configuration file shows the structure of an ipset configuration file:

      <programlisting>
&lt;?xml version="1.0" encoding="utf-8"?&gt;
&lt;ipset type="<replaceable>hash:ip</replaceable>"&gt;
  &lt;short&gt;<replaceable>My Ipset</replaceable>&lt;/short&gt;
  &lt;description&gt;<replaceable>description</replaceable>&lt;/description&gt;
  &lt;entry&gt;<replaceable>1.2.3.4</replaceable>&lt;/entry&gt;
  &lt;entry&gt;<replaceable>1.2.3.5</replaceable>&lt;/entry&gt;
  &lt;entry&gt;<replaceable>1.2.3.6</replaceable>&lt;/entry&gt;
&lt;/ipset&gt;
      </programlisting>
    </para>
  </refsect1>

  <refsect1 id="options">
    <title>Options</title>
    <para>
      The config can contain these tags and attributes. Some of them are mandatory, others optional.
    </para>

    <refsect2 id="options_ipset">
      <title>ipset</title>
      <para>
	The mandatory ipset start and end tag defines the ipset. This tag can only be used once in a ipset configuration file. There is one mandatory and also optional attributes for ipsets:
      </para>

      <variablelist>
	<varlistentry>
	  <term>type="<replaceable>string</replaceable>"</term>
          <listitem>
	    <para>
              The mandatory type of the ipset. To get the list of supported types, use <command>firewall-cmd --get-ipset-types</command>.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term>version="<replaceable>string</replaceable>"</term>
          <listitem>
	    <para>
              To give the ipset a version.
	    </para>
	  </listitem>
	</varlistentry>
      </variablelist>
    </refsect2>

    <refsect2 id="options_short">
      <title>short</title>
      <para>
	Is an optional start and end tag and is used to give an ipset a more	readable name.
      </para>
    </refsect2>

    <refsect2 id="options_description">
      <title>description</title>
      <para>
	Is an optional start and end tag to have a description for a ipset.
      </para>
    </refsect2>

    <refsect2 id="options_option">
      <title>option</title>
      <para>
	Is an optional empty-element tag and can be used several times to have more than one option. Mostly all attributes of an option entry are mandatory:
      </para>

      <variablelist>
	<varlistentry>
	  <term>name="<replaceable>string</replaceable>"</term>
          <listitem>
	    <para>
	      The mandatory option name <replaceable>string</replaceable>.
	    </para>
	  </listitem>
	</varlistentry>

	<varlistentry>
	  <term>value="<replaceable>string</replaceable>"</term>
          <listitem>
	    <para>
              The optional value of the option.
	    </para>
	  </listitem>
	</varlistentry>
      </variablelist>

      <para>
	The supported options are: family: <replaceable>"inet"</replaceable>|<replaceable>"inet6"</replaceable>, timeout: <replaceable>integer</replaceable>, hashsize: <replaceable>integer</replaceable>, maxelem: <replaceable>integer</replaceable>. For more information on these options, please have a look at the ipset documentation.
      </para>
    </refsect2>

    <refsect2 id="options_entry">
      <title>entry</title>
      <para>
	Is an optional start and end tag and can be used several times to have more than one entry entry. An entry entry does not have attributes.
      </para>

    </refsect2>

  </refsect1>

  &seealso;

  &notes;

</refentry>