anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-08 13:44:56 +02:00
Code Issues Releases Wiki Activity

ipset/doc: clarify terms "ip" and "cidrsize"

Browse Source 
IP refers to Internet Protocol; adding "address" is therefore beneficial.
The CIDR size is better known as "prefix length".

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
This commit is contained in:
Jan Engelhardt
2009-11-11 13:52:04 +01:00
parent a4afc4159e
commit 11af976e8b
1 changed files with 37 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
extensions/ipset/ipset.8
View File

@@ -99,15 +99,15 @@ the set, then add all elements. Then create the next set, add all its elements
and so on. Also, it is a restore operation, so the sets being restored must and so on. Also, it is a restore operation, so the sets being restored must
not exist. not exist.
.TP .TP
\fB\-A\fP, \fB\-\-add\fP \fIsetname\fP \fIIP\fP \fB\-A\fP, \fB\-\-add\fP \fIsetname\fP \fIaddress\fP
Add an IP entry to a set. Add an IP address entry to a set.
.TP .TP
\fB\-D\fP, \fB\-\-del\fP \fIsetname\fP \fIIP\fP \fB\-D\fP, \fB\-\-del\fP \fIsetname\fP \fIaddress\fP
Delete an IP entry from a set. Delete an IP address entry from a set.
.TP .TP
\fB-T\fP, \fB\-\-test\fP \fIsetname\fP \fIIP\fP \fB-T\fP, \fB\-\-test\fP \fIsetname\fP \fIaddress\fP
Test wether an IP entry is in a set or not. Exit status number is zero Test wether an IP address entry is in a set or not. Exit status number is zero
if the tested IP is in the set and nonzero if it is missing from if the tested address is in the set and nonzero if it is missing from
the set. the set.
.TP .TP
\fB\-H\fP, \fB\-\-help\fP [\fIsettype\fP] \fB\-H\fP, \fB\-\-help\fP [\fIsettype\fP]
@@ -153,20 +153,20 @@ by masking the address with the specified netmask, can be found in the set.
.P .P
Options to use when creating an ipmap set: Options to use when creating an ipmap set:
.TP .TP
\fB\-\-from\fP \fIfrom-ip\fP \fB\-\-from\fP \fIfrom-addr\fP
.TP .TP
\fB\-\-to\fP \fIto-ip\fP \fB\-\-to\fP \fIto-addr\fP
Create an ipmap set from the specified range. Create an ipmap set from the specified address range.
.TP .TP
\fB\-\-network\fP \fIip\fP\fB/\fP\fImask\fP \fB\-\-network\fP \fIaddr\fP\fB/\fP\fImask\fP
Create an ipmap set from the specified network. Create an ipmap set from the specified network.
.TP .TP
\fB\-\-netmask\fP \fIcidr-netmask\fP \fB\-\-netmask\fP \fIprefixlen\fP
When the optional When the optional
\fB\-\-netmask\fP \fB\-\-netmask\fP
parameter specified, network addresses will be parameter specified, network addresses will be
stored in the set instead of IP addresses, and the \fIfrom-ip\fP parameter stored in the set instead of IP addresses, and the \fIfrom-addr\fP parameter
must be a network address. The \fIcidr-netmask\fP value must be between 1-31. must be a network address. The \fIprefixlen\fP value must be between 1-31.
.PP .PP
Example: Example:
.IP .IP
@@ -183,12 +183,12 @@ part is not mandatory.
.P .P
Options to use when creating an macipmap set: Options to use when creating an macipmap set:
.TP .TP
\fB\-\-from\fP \fIfrom-ip\fP \fB\-\-from\fP \fIfrom-addr\fP
.TP .TP
\fB\-\-to\fP \fIto-ip\fP \fB\-\-to\fP \fIto-addr\fP
Create a macipmap set from the specified range. Create a macipmap set from the specified address range.
.TP .TP
\fB\-\-network\fP \fIip\fP\fB/\fP\fImask\fP \fB\-\-network\fP \fIaddr\fP\fB/\fP\fImask\fP
Create a macipmap set from the specified network. Create a macipmap set from the specified network.
.TP .TP
\fB\-\-matchunset\fP \fB\-\-matchunset\fP
@@ -216,14 +216,14 @@ Options to use when creating an portmap set:
\fB\-\-from\fP \fIfrom-port\fP \fB\-\-from\fP \fIfrom-port\fP
.TP .TP
\fB\-\-to\fP \fIto-port\fP \fB\-\-to\fP \fIto-port\fP
Create a portmap set from the specified range. Create a portmap set from the specified port range.
.SS iphash .SS iphash
The iphash set type uses a hash to store IP addresses. The iphash set type uses a hash to store IP addresses.
In order to avoid clashes in the hash double-hashing, and as a last In order to avoid clashes in the hash double-hashing, and as a last
resort, dynamic growing of the hash performed. The iphash set type is resort, dynamic growing of the hash performed. The iphash set type is
great to store random addresses. If the optional great to store random addresses. If the optional
\fB\-\-netmask\fP \fB\-\-netmask\fP
parameter is specified with a CIDR netmask value between 1-31 then parameter is specified with a CIDR prefix length value between 1-31 then
network addresses are stored in the given set: i.e an network addresses are stored in the given set: i.e an
IP address will be in the set if the network address, which is resulted IP address will be in the set if the network address, which is resulted
by masking the address with the specified netmask, can be found in the set. by masking the address with the specified netmask, can be found in the set.
@@ -243,11 +243,11 @@ an IP to the hash could not be performed after
\fIprobes\fP \fIprobes\fP
number of double-hashing. number of double-hashing.
.TP .TP
\fB\-\-netmask\fP \fIcidr-netmask\fP \fB\-\-netmask\fP \fIprefixlen\fP
When the optional When the optional
\fB\-\-netmask\fP \fB\-\-netmask\fP
parameter specified, network addresses will be parameter specified, network addresses will be
stored in the set instead of IP addresses. The \fIcidr-netmask\fP value must stored in the set instead of IP addresses. The \fIprefixlen\fP value must
be between 1-31. be between 1-31.
.P .P
The iphash type of sets can store up to 65536 entries. If a set is full, The iphash type of sets can store up to 65536 entries. If a set is full,
@@ -271,7 +271,7 @@ network addresses. The
.I .I
IP IP
"address" used in the ipset commands must be in the form "address" used in the ipset commands must be in the form
"\fIip-address\fP\fB/\fP\fIcidr-size\fP" "\fIip-address\fP\fB/\fP\fIprefixlen\fP"
where the CIDR block size must be in the inclusive range of 1-31. where the CIDR block size must be in the inclusive range of 1-31.
In order to avoid clashes in the hash In order to avoid clashes in the hash
double-hashing, and as a last resort, dynamic growing of the hash performed. double-hashing, and as a last resort, dynamic growing of the hash performed.
@@ -324,12 +324,12 @@ target.
.P .P
Options to use when creating an ipporthash set: Options to use when creating an ipporthash set:
.TP .TP
\fB\-\-from\fP \fIfrom-ip\fP \fB\-\-from\fP \fIfrom-addr\fP
.TP .TP
\fB\-\-to\fP \fIto-ip\fP \fB\-\-to\fP \fIto-addr\fP
Create an ipporthash set from the specified range. Create an ipporthash set from the specified address range.
.TP .TP
\fB\-\-network\fP \fIip\fP\fB/\fP\fImask\fP \fB\-\-network\fP \fIaddr\fP\fB/\fP\fImask\fP
Create an ipporthash set from the specified network. Create an ipporthash set from the specified network.
.TP .TP
\fB\-\-hashsize\fP \fIhashsize\fP \fB\-\-hashsize\fP \fIhashsize\fP
@@ -363,12 +363,12 @@ target.
.P .P
Options to use when creating an ipportiphash set: Options to use when creating an ipportiphash set:
.TP .TP
\fB\-\-from\fP \fIfrom-ip\fP \fB\-\-from\fP \fIfrom-addr\fP
.TP .TP
\fB\-\-to\fP \fIto-ip\fP \fB\-\-to\fP \fIto-addr\fP
Create an ipportiphash set from the specified range. Create an ipportiphash set from the specified address range.
.TP .TP
\fB\-\-network\fP \fIip\fP\fB/\fP\fImask\fP \fB\-\-network\fP \fIaddr\fP\fB/\fP\fImask\fP
Create an ipportiphash set from the specified network. Create an ipportiphash set from the specified network.
.TP .TP
\fB\-\-hashsize\fP \fIhashsize\fP \fB\-\-hashsize\fP \fIhashsize\fP
@@ -394,7 +394,7 @@ parameters are arbitrary, but the size of the network address must be
between /1-/31. When adding, deleting between /1-/31. When adding, deleting
and testing values in an ipportnethash type of set, the entries must be and testing values in an ipportnethash type of set, the entries must be
specified as specified as
"\fIip\fP\fB,\fP\fIip\fP\fB/\fP\fIcidr-size\fP". "\fIaddress\fP\fB,\fP\fIaddress\fP\fB/\fP\fIprefixlen\fP".
.P .P
The ipportnethash types of sets evaluates three src/dst parameters of the The ipportnethash types of sets evaluates three src/dst parameters of the
"set" "set"
@@ -404,12 +404,12 @@ target.
.P .P
Options to use when creating an ipportnethash set: Options to use when creating an ipportnethash set:
.TP .TP
\fB\-\-from\fP \fIfrom-ip\fP \fB\-\-from\fP \fIfrom-address\fP
.TP .TP
\fB\-\-to\fP \fIto-ip\fP \fB\-\-to\fP \fIto-address\fP
Create an ipporthash set from the specified range. Create an ipporthash set from the specified range.
.TP .TP
\fB\-\-network\fP \fIip\fP\fB/\fP\fImask\fP \fB\-\-network\fP \fIaddress\fP\fB/\fP\fImask\fP
Create an ipporthash set from the specified network. Create an ipporthash set from the specified network.
.TP .TP
\fB\-\-hashsize\fP \fIhashsize\fP \fB\-\-hashsize\fP \fIhashsize\fP
@@ -440,7 +440,7 @@ If a set was created with a nonzero valued
\fB\-\-timeout\fP \fB\-\-timeout\fP
parameter then one may add IP addresses to the set with a specific parameter then one may add IP addresses to the set with a specific
timeout value using the syntax timeout value using the syntax
"\fIip\fP\fB,\fP\fItimeout-value\fP". "\fIaddress\fP\fB,\fP\fItimeout-value\fP".
Similarly to the hash types, the iptree type of sets can store up to 65536 Similarly to the hash types, the iptree type of sets can store up to 65536
entries. entries.
.SS iptreemap .SS iptreemap
@@ -448,7 +448,7 @@ The iptreemap set type uses a tree to store IP addresses or networks,
where the last octet of an IP address are stored in a bitmap. where the last octet of an IP address are stored in a bitmap.
As input entry, you can add IP addresses, CIDR blocks or network ranges As input entry, you can add IP addresses, CIDR blocks or network ranges
to the set. Network ranges can be specified in the format to the set. Network ranges can be specified in the format
"\fIip1\fP\fB-\fP\fIip2\fP". "\fIaddress1\fP\fB-\fP\fIaddress2\fP".
.P .P
Options to use when creating an iptreemap set: Options to use when creating an iptreemap set:
.TP .TP