On Fri, Oct 1, 2010 at 12:50 PM, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote: > On Fri, 1 Oct 2010, Anand Raj Manickam wrote: > >> I m just learning to use ipsets . >> I have a basic doubt >> >> Suppose i create a ipset >> >> ipset -N test ipmap --network 192.168.0.0/16 >> >> add a few ips >> #ipset -A test 192.168.0.1 >> .. >> >> if i want to have 1 chain per ip >> >> 192.168.0.1 to CHAIN1 >> .. >> 192.168.0.100 to CHAIN100 > > If you mean to store the IP addresses in a set and use it to "jump" to the > chains, then no, that's not possible. > > Best regards, > Jozsef > - > E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx > PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt > Address : KFKI Research Institute for Particle and Nuclear Physics > H-1525 Budapest 114, POB. 49, Hungary > Thanks, Do you think its a good idea to create a ipset type .. ipset -N test ipmapchain --network 192.168.0.0/16 ipset -A test 192.168.0.1 CHAIN1 .. ipset -A test 192.168.0.100 CHAIN100 mabbe a new iptables -A FORWARD -m set --set test src,dst,chain Please correct me if there are complications on this idea or its nonsense to do this ;-) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
