Hi, I'm using ipsets and it appears as if ipsets do not have counters for packet matching, you can only count packets that match an entire set. For example, if I do: iptables -v -n -x -m set -L input --set accounting src,dst it only prints the packet counts of the ipsets, not the specific ip addresses in the sets. Is there a way I can get iptables to tell me the packets of a particular IP in an ipset? I can create an ipmap ipset for each individual IP that I want to count, and then count each of those set's packet counts, but do I gain anything by doing this (ie. does using ipsets save me any memory or CPU in this scenario?) Thanks, micah
