• System Section
• Interface Section
• Routing Section
• Mangling Section
• IP Lists
• Actions
• Modules

• Interface Tests
• Ethernet Tests
• IP Tests
• ICMP Tests
• TCP Tests
• UDP Tests
• TCPStream Tests
• DNS Tests
• HTTP Tests
• Includes

IP Lists are a convient was to specify a list of IPs in other parts of the config and rules files. You can substitute an IP List for and IP in nearly any field. Hogwash only processes a given IP List once reguardless of the number of times it's used making it more efficient to declare IPs inside IP Lists that to specify them in a rule or module.

A typical IP list looks like:

<IPList WebServers>
10.4.0.0/16
10.3.14.1
10.2.1.3-10.2.1.6
</list>

There are several ways to specify IPs in an IP list. The first is just to list out all the IPs.

10.0.0.14
10.0.0.17
10.0.0.21

You can also use CIDR notation like:

10.100.100.0/24
0.0.0.0/0

To specify any IP use 0.0.0.0/0. I'll be adding an "any" keyword when I get around to it.

An then you can always specify a range like:

10.3.0.0-10.4.255.255
10.1.1.5-10.1.1.7

To use an IP List, simply insert the name whereever an IP is appropriate:

<rule>
ip dst(WebServers, 10.3.3.3)
</rule>

IP Lists can be nested into other IP Lists like:

<IPList WebServers>
10.4.1.14
10.4.1.15
10.4.1.19
</list>

<IPList DNSServers>
10.0.0.52
</list>

<IPList FTPServers>
10.4.1.26
10.4.3.54
</list>

<IPList AllServers>
WebServers
DNSServers
FTPServers
10.4.1.1
</list>