ipset does not support NET_NS. All containers have a common ipsets. Host: root@ls-gw2:~# ipset -V ipset v6.19, protocol version: 6 root@ls-gw2:~# uname -r 3.10.10 iroot@ls-gw2:~# pset -N xxx hash:ip root@ls-gw2:~# ipset -A xxx 1.1.1.1 LXC: root@orig:~# ipset -L xxx Name: xxx Type: hash:ip Revision: 1 Header: family inet hashsize 1024 maxelem 65536 Size in memory: 8280 References: 0 Members: 1.1.1.1 root@orig:~# ipset -A xxx 2.2.2.2 Host: root@ls-gw2:~# ipset -L Name: xxx Type: hash:ip Revision: 1 Header: family inet hashsize 1024 maxelem 65536 Size in memory: 8296 References: 0 Members: 1.1.1.1 2.2.2.2 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
