Hello everyone, I would like to ask you to help me with ipset tool because it works other way I expect when I use "timeout" parameter. look: (this is OK without "--timeout") [root@rt ~]# ipset -N ts1 iptree [root@rt ~]# ipset -A ts1 10.10.10.10 [root@rt ~]# ipset -T ts1 10.10.10.10 10.10.10.10 is in set ts1. [root@rt ~]# ipset -T ts1 10.10.10.1 10.10.10.1 is NOT in set ts1. [root@rt ~]# ipset -T ts1 10.10.10.255 10.10.10.255 is NOT in set ts1. My question is what I did wrong here: "--timeout" is used: [root@rt ~]# ipset -N ts2 iptree --timeout 100 [root@rt ~]# ipset -A ts2 20.20.20.20 [root@rt ~]# ipset -T ts2 20.20.20.20 20.20.20.20 is in set ts2. [root@rt ~]# ipset -T ts2 20.20.20.1 20.20.20.1 is in set ts2. [root@rt ~]# ipset -T ts2 20.20.20.254 20.20.20.254 is in set ts2. [root@rt ~]# ipset -T ts2 20.20.1.1 20.20.1.1 is NOT in set ts2. If I use "timeout" then ipset test returns true to all IPs on subnet 20.20.20.0/24. Shouldn't this work the same way ( as without "timeout" )? Is this ok ? my linux = kernel-2.6.21.1 + set patch (pom-ng-20070513) + ipset-20070514 Help me please Łukasz Nierychło
