On Tuesday 2008-07-01 12:00, Jozsef Kadlecsik wrote: >On Mon, 30 Jun 2008, Jan Engelhardt wrote: >> On Monday 2008-06-30 23:11, Jozsef Kadlecsik wrote: >> > >> >In order to make life easier, as I apply the patches sent by Swen, >> >there'll be a new, "standalone" version of ipset, i.e. it'll be possible >> >to use it without patch-o-matic-ng. >> >> I have been tracking ipset a bit lately, it already seems >> standing alone. Would you be willing to make it available >> through Xtables-addons? >> A test head for inspection can be found at >> git://dev.medozas.de/xtables-addons ipset > >The iptables match and target for ipset are in the iptables source tree, Well that won't impact is positively nor negatively. It has always been that way, and whether people get libipt_{SET,set} through iptables or the ipset tarball - it would not matter. >so that part is totally independent from pom-ng and supported by iptables, >out of the box. As ipset is IPv4-only, there's no way to create an xtables >variant of the match and the target :-). Just because something is limited to IPv4 does not mean it is not 'x' ('x' as in xtables). It is all just names, and getting it under one unified hut is a good thing. In fact, onnnnnnnnce (;-) I get around to submit the next patchsets, we will have xt modules that have neither IPv4 nor IPv6 components. >The source of the 'ipset' binary, which is totally independent from >iptables or xtables, is currently in svn, but we can move it to git >anytime. I don't really see what would be the benefit in adding ipset to >xtables-addons, sorry. But thank you the offer! Benefits? - removing 73% of all #ifdef kludges from *.c (the kernel files) - less tarballs for users to build - autoconf for the binary :-P -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html