>> Also, I completely forgot ipsets which have/store mac addresses. I >> haven't tested those yet, but I suspect I am going to run into the >> same problem - eth0 vs ifb0. As far as I know ifb0 doesn't have mac >> address, in which case it makes more sense to develop the match >> based on real interfaces, don't you think? > > Its a random mac address. > What about changing this so that the original interface is the 'source' > interface and ifb the 'dest' interface? > > Then you could use > basic match ipset\(h_test-hosts src,dst\) > to ask for ifb0 matching and > basic match ipset\(h_test-hosts src,src,dst\) > for ethX match. I just realised that bitmap:ip,mac type of set (it is the only set which uses mac addresses) matches mac *only* on source and since ifb0 is only used on traffic coming in, then it is a mute point (I still have to test this though) - the above won't be needed, at least not for ip,mac address matching. -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
