Hi, On Mon, 25 Jul 2011, Ed W wrote: > Many thanks for ipset. Quick question please: I'm implementing a > captive portal and I have an ipset (CP) containing bitmap:ip,mac. How > should I best implement rules to: > > - Drop packets from same IP, different MAC > > I might be missing the obvious, but how do I query to match on IP, then > drop IP with a mismatching MAC (in the bitmap ipset)? Can this be done > without a second ipset tracking only IP? At a first glance I'd allow packets from (IP, MAC) and drop everything else, i.e. (same IP, different MAC) and (different IP, same MAC), etc. If you want to match the IP address only, too, then a single set is not sufficient, unfortunately. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
