Re: ipporthash, ipportiphash, ipportnethash problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a major headache for me for 2 reasons:
Sorry, what I provide is a generic, distribution-independent package. I'm aware that this can create a maintenance problem in a distribution-dependent environment, but I cannot help at that.
I have managed to find a solution, but it is pretty ugly! I can now package the compiled files (from BUILDROOT) into rpm, though what I will work on when I next have the time for it is to get the compilation process to execute in arch-independent environment. I will also fine-tune the rpm spec file and post it here so that whoever is interested in packaging xtables+ipset into rpm can use this file to prepare rpms instead of relying on the people from fedora who 'maintain' the repos to do it (I am still waiting for the 1.29 rpms to show up on fedora updates which is a disgrace really)! 



I can give you of at least 2 uses based on my experience:
The present 4.x branch is in "maintenance" mode for me. I'll think on adding such a type to 5.x. 
If I can help you out with some testing I would gladly do it.
Another feature you may add to your list is support for port ranges in a single set element, like "IP,port-port" for example. You already have similar support for multiple IP addresses (when subnets are used) - port ranges is another useful feature to have. One example where I can use this is when defining 'high-' (or unprivileged) ports - currently I 'solve' this particular problem with enrolling a set consisting of 1024 elements containing ports 0-1023 and then specifying a negative match (i.e. not privileged) on that set, which is not very convenient. 


That's brilliant news! I take it you will be introducing protocol support for
all the constructs, is that right? How long would it take before you release
this?
I'm going to release ipset 5.0 around the netfilter developer workshop this month. 
Superb news!

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux