On Fri, 1 Oct 2010, Anand Raj Manickam wrote:

> On Fri, Oct 1, 2010 at 12:50 PM, Jozsef Kadlecsik
> <kadlec@xxxxxxxxxxxxxxxxx> wrote:
> > On Fri, 1 Oct 2010, Anand Raj Manickam wrote:
> >
> >> I'm just learning to use ipsets.
> >> I have a basic doubt
> >>
> >> Suppose I create an ipset
> >>
> >> ipset -N test ipmap --network 192.168.0.0/16
> >>
> >> add a few IPs
> >> #ipset -A test 192.168.0.1
> >> ..
> >>
> >> if I want to have 1 chain per IP
> >>
> >> 192.168.0.1 to CHAIN1
> >> ..
> >> 192.168.0.100 to CHAIN100
> >
> > If you mean to store the IP addresses in a set and use it to "jump" to the
> > chains, then no, that's not possible.
>
> Do you think it's a good idea to create an ipset type ..
>
> ipset -N test ipmapchain --network 192.168.0.0/16
>
> ipset -A test 192.168.0.1 CHAIN1
> ..
> ipset -A test 192.168.0.100 CHAIN100
>
> maybe a new
>
> iptables -A FORWARD -m set --set test src,dst,chain
>
> Please correct me if there are complications on this idea or it's
> nonsense to do this ;-)

It is not possible to create such a set type: there's no API, infrastructure
to refer to a chain outside from netfilter.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary