I meant ipsets themselves. In other words, instead of:
tc filter add dev ifb0 protocol ip parent be:0 prio 10 u32 match ip src
10.1.1.1/24 match ip dst 10.2.1.1/24 match ip protocol 6 ...
to have ipset matching on src, destination, protocol etc instead of specifying
hard-coded values, like "10.1.1.1/24", "10.2.1.1/24" and "protocol 6" in the
above example.
To my knowledge, that isn't yet possible or have I missed something?
There's always the nfmark that you can use, of course.
So, it is not supported then - as I thought it won't be.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
