On Saturday 2012-05-12 00:58, Mr Dash Four wrote: >>> I don't suppose you are working on ways to include ipset targets in tc by any >>> chance, are you? *hopeful look* >>> >> >> Nothing required, all iptables targets are supported by tc. >> > I meant ipsets themselves. In other words, instead of: > > tc filter add dev ifb0 protocol ip parent be:0 prio 10 u32 match ip src > 10.1.1.1/24 match ip dst 10.2.1.1/24 match ip protocol 6 ... > > to have ipset matching on src, destination, protocol etc instead of specifying > hard-coded values, like "10.1.1.1/24", "10.2.1.1/24" and "protocol 6" in the > above example. > > To my knowledge, that isn't yet possible or have I missed something? There's always the nfmark that you can use, of course. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
