ipset hash:net:port:net

Hi everyone.

1. In the latest ipset, adding "1.2.3.4/0,tcp:0,1.2.3.0/24" is not
allowed. I would like it to be allowed. It should match on any TCP
traffic that matches source and destination.
2. The same for protocol number 0. I want "1.2.3.4/0,0:0,1.2.3.0/24"
to match all traffic that matches source and destination.

These requirements come from real cases, where an administrator
adds rules to control access to his networks.

Is it possible to make such changes? TCP port 0 is not a real thing,
and neither is IP protocol 0, so we can give them special meaning in IPSets.

Although icmp:0 is not so clear in this case. Possibly allow setting -1
as the protocol or port to match any?

-- 
Segmentation fault
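
A small Python model of the matching semantics requested in the message above, added here as an illustration; it is not ipset code and not part of the original post. It assumes 0 means "any" for the protocol and for TCP/UDP ports, and keeps 0 literal for ICMP, where type 0 code 0 is echo reply; the function names and the single-integer port field are hypothetical.

```python
import ipaddress

# Protocol names to IP protocol numbers; 0 is the proposed "any protocol" value.
PROTOS = {"tcp": 6, "udp": 17, "icmp": 1}


def parse_entry(text):
    """Parse 'SRCNET,PROTO:PORT,DSTNET' into (src_net, proto, port, dst_net)."""
    src, proto_port, dst = text.split(",")
    proto, port = proto_port.split(":")
    proto_num = PROTOS[proto] if proto in PROTOS else int(proto)
    # strict=False accepts set host bits, so 1.2.3.4/0 becomes 0.0.0.0/0.
    return (ipaddress.ip_network(src, strict=False), proto_num, int(port),
            ipaddress.ip_network(dst, strict=False))


def entry_matches(entry, src_ip, proto, port, dst_ip):
    """Proposed semantics: protocol 0 = any protocol, port 0 = any port.

    Assumption of this sketch: port 0 stays literal for ICMP, because the
    field then carries type/code and 0 is a real value (echo reply).
    """
    src_net, e_proto, e_port, dst_net = entry
    if ipaddress.ip_address(src_ip) not in src_net:
        return False
    if ipaddress.ip_address(dst_ip) not in dst_net:
        return False
    if e_proto == 0:
        return True   # any protocol; the port field is ignored
    if e_proto != proto:
        return False
    if e_port == 0 and e_proto != PROTOS["icmp"]:
        return True   # wildcard port for TCP/UDP and other protocols
    return e_port == port
```

The ICMP branch shows why the message calls icmp:0 unclear: treating 0 as a wildcard there would silently widen an echo-reply-only entry to every ICMP type.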


