extensions/libxt_SET.man - platform/external/iptables - Git at Google

 This modules adds and/or deletes entries from IP sets which can be defined
 by ipset(8).
 .TP
 \fB\-\-add\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
 add the address(es)/port(s) of the packet to the sets
 .TP
 \fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
 delete the address(es)/port(s) of the packet from the sets
 .IP
 where flags are
 .BR "src"
 and/or
 .BR "dst"
 specifications and there can be no more than six of them.
 .TP
 \fB\-\-timeout\fP \fIvalue\fP
 when adding entry, the timeout value to use instead of the default
 one from the set definition
 .TP
 \fB\-\-exist\fP
 when adding entry if it already exists, reset the timeout value
 to the specified one or to the default from the set definition
 .PP
 Use of -j SET requires that ipset kernel support is provided. As standard
 kernels do not ship this currently, the ipset or Xtables-addons package needs
 to be installed.
	This modules adds and/or deletes entries from IP sets which can be defined
	by ipset(8).
	.TP
	\fB\-\-add\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
	add the address(es)/port(s) of the packet to the sets
	.TP
	\fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
	delete the address(es)/port(s) of the packet from the sets
	.IP
	where flags are
	.BR "src"
	and/or
	.BR "dst"
	specifications and there can be no more than six of them.
	.TP
	\fB\-\-timeout\fP \fIvalue\fP
	when adding entry, the timeout value to use instead of the default
	one from the set definition
	.TP
	\fB\-\-exist\fP
	when adding entry if it already exists, reset the timeout value
	to the specified one or to the default from the set definition
	.PP
	Use of -j SET requires that ipset kernel support is provided. As standard
	kernels do not ship this currently, the ipset or Xtables-addons package needs
	to be installed.