/etc/firewalld/ipsets/ipset.xml /usr/lib/firewalld/ipsets/ipset.xml
A firewalld ipset configuration file provides the information of an ip set for firewalld. The most important configuration options are type, option and entry.
This example configuration file shows the structure of an ipset configuration file:
<?xml version="1.0" encoding="utf-8"?> <ipset type="hash:ip"> <short>My Ipset</short> <description>description</description> <entry>1.2.3.4</entry> <entry>1.2.3.5</entry> <entry>1.2.3.6</entry> </ipset>
The config can contain these tags and attributes. Some of them are mandatory, others optional.
The mandatory ipset start and end tag defines the ipset. This tag can only be used once in a ipset configuration file. There is one mandatory and also optional attributes for ipsets:
type="string"
version="string"
Is an optional start and end tag and is used to give an ipset a more readable name.
Is an optional start and end tag to have a description for a ipset.
Is an optional empty-element tag and can be used several times to have more than one option. Mostly all attributes of an option entry are mandatory:
name="string"
value="string"
The supported options are: family: "inet"|"inet6", timeout: integer, hashsize: integer, maxelem: integer. For more information on these options, please have a look at the ipset documentation.
Is an optional start and end tag and can be used several times to have more than one entry entry. An entry entry does not have attributes.
firewalld home page:
More documentation with examples:
Thomas Woerner <twoerner@redhat.com>
Jiri Popelka <jpopelka@redhat.com>
Eric Garver <eric@garver.life>