В Чтв, 10/04/2008 в 09:21 +0200, Jozsef Kadlecsik пишет: > On Wed, 9 Apr 2008, Jan Engelhardt wrote: > > > On Wednesday 2008-04-09 21:17, Gilad Benjamini wrote: > > > > >True, but I am looking for a more optimized solution > > > > I assume ipset's iptree is smart enough to do short-circuiting > > if you have /24, /16 or /8 networks. > > If you have got whole networks (/n), then ipset is smart enough to handle > it (nethash type). If you have got ranges, then iptreemap type is the best > choice. But, regarding this question, is there any way one can use IP-networks and single IP-addresses in the same set? Personally I was unable to do that since ipset doesn't accepts netmask of 32 or 31. Say, I have the following set of ips and nets, could I and how could I keep that in one set?: 192.168.0.0/24 192.168.1.128/30 192.168.2.1/32 -- Покотиленко Костик <casper@xxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
