Updated manpage to reflect wider input possibilities in the ipset tool.

diff --git a/src/ipset.8 b/src/ipset.8
index bbb09de3c39e76da4a3954e4444fbd3921fb56ab..b9ca8a563190fbcc5d96d950d0988902537d0992 100644 (file)
--- a/src/ipset.8
+++ b/src/ipset.8
@@ -238,13 +238,13 @@ to 65536 entries.
 .PP 
 \fICREATE\-OPTIONS\fR := \fBrange\fP \fIfromip\fP\-\fItoip\fR|\fIip\fR/\fIcidr\fR [ \fBnetmask\fP \fIcidr\fP ] [ \fBtimeout\fR \fIvalue\fR ]
 .PP 
-\fIADD\-ENTRY\fR := { \fIipaddr\fR | \fIfromip\fR\-\fItoip\fR | \fIipaddr\fR/\fIcidr\fR }
+\fIADD\-ENTRY\fR := { \fIip\fR | \fIfromip\fR\-\fItoip\fR | \fIip\fR/\fIcidr\fR }
 .PP 
 \fIADD\-OPTIONS\fR := [ \fBtimeout\fR \fIvalue\fR ]
 .PP 
-\fIDEL\-ENTRY\fR := { \fIipaddr\fR | \fIfromip\fR\-\fItoip\fR | \fIipaddr\fR/\fIcidr\fR }
+\fIDEL\-ENTRY\fR := { \fIip\fR | \fIfromip\fR\-\fItoip\fR | \fIip\fR/\fIcidr\fR }
 .PP 
-\fITEST\-ENTRY\fR := \fIipaddr\fR
+\fITEST\-ENTRY\fR := \fIip\fR
 .PP 
 Mandatory \fBcreate\fR options:
 .TP 
@@ -278,13 +278,13 @@ The \fBbitmap:ip,mac\fR set type uses a memory range to store IPv4 and a MAC add
 .PP 
 \fICREATE\-OPTIONS\fR := \fBrange\fP \fIfromip\fP\-\fItoip\fR|\fIip\fR/\fIcidr\fR [ \fBtimeout\fR \fIvalue\fR ]
 .PP 
-\fIADD\-ENTRY\fR := \fIipaddr\fR[,\fImacaddr\fR]
+\fIADD\-ENTRY\fR := \fIip\fR[,\fImacaddr\fR]
 .PP 
 \fIADD\-OPTIONS\fR := [ \fBtimeout\fR \fIvalue\fR ]
 .PP 
-\fIDEL\-ENTRY\fR := \fIipaddr\fR[,\fImacaddr\fR]
+\fIDEL\-ENTRY\fR := \fIip\fR[,\fImacaddr\fR]
 .PP 
-\fITEST\-ENTRY\fR := \fIipaddr\fR[,\fImacaddr\fR]
+\fITEST\-ENTRY\fR := \fIip\fR[,\fImacaddr\fR]
 .PP 
 Mandatory options to use when creating a \fBbitmap:ip,mac\fR type of set:
 .TP 
@@ -352,13 +352,6 @@ type of set.
 .PP 
 \fITEST\-ENTRY\fR := \fIipaddr\fR
 .PP 
-For the \fBinet\fR family one can add or delete multiple entries by specifying
-a range or a network:
-.PP 
-\fIADD\-ENTRY\fR := { \fIipaddr\fR | \fIfromaddr\fR\-\fItoaddr\fR | \fIipaddr\fR/\fIcidr\fR }
-.PP 
-\fIDEL\-ENTRY\fR := { \fIipaddr\fR | \fIfromaddr\fR\-\fItoaddr\fR | \fIipaddr\fR/\fIcidr\fR }
-.PP 
 Optional \fBcreate\fR options:
 .TP 
 \fBfamily\fR { \fBinet\fR | \fBinet6\fR }
@@ -380,11 +373,16 @@ between 1\-32 for IPv4 and between 1\-128 for IPv6. An IP address will be in the
 if the network address, which is resulted by masking the address with the netmask
 calculated from the prefix, can be found in the set.
 .PP 
+For the \fBinet\fR family one can add or delete multiple entries by specifying
+a range or a network:
+.PP 
+\fIipaddr\fR := { \fIip\fR | \fIfromaddr\fR\-\fItoaddr\fR | \fIip\fR/\fIcidr\fR }
+.PP 
 Examples:
 .IP 
 ipset create foo hash:ip netmask 24
 .IP 
-ipset add foo 192.168.1.1
+ipset add foo 192.168.1.1\-192.168.1.2
 .IP 
 ipset test foo 192.168.1.2
 .SS hash:net
@@ -393,13 +391,13 @@ Network address with zero prefix size cannot be stored in this type of sets.
 .PP 
 \fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ]
 .PP 
-\fIADD\-ENTRY\fR := \fIipaddr\fR[/\fIcidr\fR]
+\fIADD\-ENTRY\fR := \fIip\fR[/\fIcidr\fR]
 .PP 
 \fIADD\-OPTIONS\fR := [ \fBtimeout\fR \fIvalue\fR ]
 .PP 
-\fIDEL\-ENTRY\fR := \fIipaddr\fR[/\fIcidr\fR]
+\fIDEL\-ENTRY\fR := \fIip\fR[/\fIcidr\fR]
 .PP 
-\fITEST\-ENTRY\fR := \fIipaddr\fR[/\fIcidr\fR]
+\fITEST\-ENTRY\fR := \fIip\fR[/\fIcidr\fR]
 .PP 
 Optional \fBcreate\fR options:
 .TP 
@@ -467,18 +465,24 @@ correct value
 \fBmaxelem\fR \fIvalue\fR
 The maximal number of elements which can be stored in the set, default 65536.
 .PP 
+For the \fBinet\fR family one can add or delete multiple entries by specifying
+a range or a network of IPv4 addresses in the IP address part of the entry:
+.PP 
+\fIipaddr\fR := { \fIip\fR | \fIfromaddr\fR\-\fItoaddr\fR | \fIip\fR/\fIcidr\fR }
+.PP 
 The
 [\fIproto\fR:]\fIport\fR
-part of the elements may be expressed in the following forms:
+part of the elements may be expressed in the following forms, where the range
+variations are valid when adding or deleting entries:
 .TP 
-\fIportname\fR
-TCP port name identifier from /etc/services
+\fIportname[\-portname]\fR
+TCP port or range of ports expressed in TCP portname identifiers from /etc/services
 .TP 
-\fIportnumber\fR
-TCP port number
+\fIportnumber[\-portnumber]\fR
+TCP port or range of ports expressed in TCP port numbers
 .TP 
-\fBtcp\fR|\fBudp\fR:\fIportname\fR|\fIportnumber\fR
-TCP or UDP port name or port number
+\fBtcp\fR|\fBudp\fR:\fIportname\fR|\fIportnumber\fR[\-\fIportname\fR|\fIportnumber\fR]
+TCP or UDP port or port range expressed in port name(s) or port number(s)
 .TP 
 \fBicmp\fR:\fIcodename\fR|\fItype\fR/\fIcode\fR
 ICMP codename or type/code. The supported ICMP codename identifiers can always
@@ -500,7 +504,7 @@ Examples:
 .IP 
 ipset create foo hash:ip,port
 .IP 
-ipset add foo 192.168.1.1,80
+ipset add foo 192.168.1.0/24,80\-82
 .IP 
 ipset add foo 192.168.1.1,udp:53
 .IP 
@@ -573,13 +577,18 @@ protocol (default TCP) and zero protocol number cannot be used.
 .PP 
 \fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ]
 .PP 
-\fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIipaddr\fR
+\fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIip\fR
 .PP 
 \fIADD\-OPTIONS\fR := [ \fBtimeout\fR \fIvalue\fR ]
 .PP 
-\fIDEL\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIipaddr\fR
+\fIDEL\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIip\fR
 .PP 
-\fITEST\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIipaddr\fR
+\fITEST\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIip\fR
+.PP 
+For the first \fIipaddr\fR and
+[\fIproto\fR:]\fIport\fR
+parts of the elements see the descriptions at the
+\fBhash:ip,port\fR set type.
 .PP 
 Optional \fBcreate\fR options:
 .TP 
@@ -595,11 +604,6 @@ correct value.
 \fBmaxelem\fR \fIvalue\fR
 The maximal number of elements which can be stored in the set, default 65536.
 .PP 
-For the
-[\fIproto\fR:]\fIport\fR
-part of the elements see the description at the
-\fBhash:ip,port\fR set type.
-.PP 
 The \fBhash:ip,port,ip\fR type of sets require
 three \fBsrc\fR/\fBdst\fR parameters of the \fBset\fR match and \fBSET\fR
 target kernel modules.
@@ -619,13 +623,18 @@ address with zero prefix size cannot be stored either.
 .PP 
 \fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ]
 .PP 
-\fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIipaddr\fR[/\fIcidr\fR]
+\fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIip\fR[/\fIcidr\fR]
 .PP 
 \fIADD\-OPTIONS\fR := [ \fBtimeout\fR \fIvalue\fR ]
 .PP 
-\fIDEL\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIipaddr\fR[/\fIcidr\fR]
+\fIDEL\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIip\fR[/\fIcidr\fR]
+.PP 
+\fITEST\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIip\fR[/\fIcidr\fR]
 .PP 
-\fITEST\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIipaddr\fR[/\fIcidr\fR]
+For the first \fIipaddr\fR and
+[\fIproto\fR:]\fIport\fR
+parts of the elements see the descriptions at the
+\fBhash:ip,port\fR set type.
 .PP 
 Optional \fBcreate\fR options:
 .TP 
@@ -641,11 +650,6 @@ correct value.
 \fBmaxelem\fR \fIvalue\fR
 The maximal number of elements which can be stored in the set, default 65536.
 .PP 
-For the
-[\fIproto\fR:]\fIport\fR
-part of the elements see the description at the
-\fBhash:ip,port\fR set type.
-.PP 
 From the \fBset\fR netfilter match point of view the searching for a match
 always  starts  from  the smallest  size  of netblock (most specific
 cidr) to the largest one (least specific cidr) added to the set.