On Wed, 12 Nov 2008, Grant Taylor wrote: > On 11/11/2008 11:55 PM, JC Janos wrote: > > I'm using IPSET to create a nethash typed set to contain a short list of > > "bogons" as defined @ http://www.team-cymru.org/Services/Bogons/#http for > > eventual use in a firewall rule. > > > > But for one of those defined nets, ipset fails to add, > > > > ipset -N BOGONS nethash > > ipset -A BOGONS 0.0.0.0/7 > > ipset v2.4.3: Zero valued IP address `0.0.0.0' specified > > Try `ipset -H' or 'ipset --help' for more information. > > > > I can certainly use the "0.0.0.0/7" in a rule. How can I correctly add it > > to an ipset? > > It sounds like ipset does not like the fact that you are using an IP address > that is all zeros. Yes, exactly: a zero valued entry in the hash means "empty entry". Therefore a zero valued IP address cannot be added to a hash. But "0.0.0.0/7" as a network address is not zero valued: the checking happens prematurely and prevents adding the network address to the hash. I'm going to fix it. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
