<><Randall Grimshaw
Room 203 Machinery Hall
Syracuse University
Syracuse, NY 13244
315-443-5779
rgrimsha@xxxxxxx

>>> Menno Smits <menno@xxxxxxxxxxxxxx> 03/09/06 10:36 PM >>>
> Is there a reason why the ipset's nethash set type can't be used with
> single IPs (/32) as well as larger networks? I'd really like to be able
> to use networks and IPs in the same set.

You cannot have a legitimate network with only one address. You also need a network address (x.x.x.0) and a broadcast address (x.x.x.3) and two addresses for the communicating systems to use (x.x.x.1 and x.x.x.2). Microsoft Windows and other OSes also enforce this, so a /32 isn't practical..... but...

I understand your idea though; I needed to define several nearly duplicate rules for NET and IP hashes in our gateway application. Fortunately the cost is minimal compared to the overall efficiency gained by using IPset. (A fabulous tool that needs to become mainstream.)

<><Randy