On Tue, 27 Nov 2012, Ricardo Klein wrote: > When I creta an ipset like this: > ipset -N SET_MACS bitmap:ip,mac range 0.0.0.0/0 > > I got kernel panic when run: > ipset list That can't be ipset 6.16, neither in the kernel, nor the ipset binary. The bug is fixed in ipset 6.15. You are running kernel modules and ipset binary from earlier releases. > Anyway, we need some rules here based on mac address (no matter what > ip address the machine have, because some of them are in DHCP). > I know that a mac address can be easy cloned, but, still, we need that > for some rules... > > Can we have a set type "mac address" ? Only mac, with no ip? > > O tried "ipset -N SET_MACS_ADM bitmap:ip,mac range 10.0.0.0/8" too but got: > ipset v6.16: The range you specified exceeds the size limit of the set type > > "ipset -N SET_MACS_ADM bitmap:ip,mac range 10.0.0.0/16" woked... > > But again, this does not do the job because I need to set a rule based > on mac address and dinamic ip addresses. Holger Eitzenberger is working on a hash:mac type. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html