Hi, On the current Fedora Rawhide kernel (2.6.39-0.rc2.git0.0.fc16), I am seeing the following two issues: 1. Attempting to create a -j SET rule with a certain invalid set of flags leaks a reference to the specified pool: # ipset create foo hash:ip # ipset list foo | grep References References: 0 # iptables -A INPUT -j SET --del-set foo src,src,src,src,src,src iptables: Numerical result out of range. # ipset list foo | grep References References: 1 # 2. --del-set doesn't seem to work (or I don't understand how it's supposed to work): # ipset create bar hash:ip # ipset add bar 127.0.0.1 # iptables -I INPUT -s 127.0.0.1 -p icmp -j SET --del-set bar src # ping -c 1 127.0.0.1 [...] # iptables -L INPUT -v | grep SET 2 168 SET icmp -- * * 127.0.0.1 0.0.0.0/0 del-set bar src,dst,dst,dst,dst,dst # ipset list bar [...] Members: 127.0.0.1 # thanks, Lennert -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
