On Thu, 23 Dec 2010, Mr Dash Four wrote:

> > Just to illustrate:
> >
> > # ipset create test hash:ip,port
> > # ipset add test 192.168.0.0/30,tcp:80-82
> > # ipset list test
> > Name: test
> > Type: hash:ip,port
> > Header: family inet hashsize 1024 maxelem 65536
> > Size in memory: 16888
> > References: 0
> > Members:
> > 192.168.0.3,tcp:81
> > 192.168.0.0,tcp:82
> > 192.168.0.1,tcp:81
> > 192.168.0.1,tcp:82
> > 192.168.0.3,tcp:82
> > 192.168.0.0,tcp:80
> > 192.168.0.2,tcp:80
> > 192.168.0.0,tcp:81
> > 192.168.0.1,tcp:80
> > 192.168.0.2,tcp:82
> > 192.168.0.2,tcp:81
> > 192.168.0.3,tcp:80
> Wow! telepathy must be my forte!!! That's just the example I emailed you to
> see if I understand you correctly!
>
> OK, does that differ if I have hash:net,port set (I presume when listing with
> ipset -L you will show the net ranges - 192.168.0.0-192.168.0.0,tcp:80-82), is
> that right?

For net types the networks are not exploded, of course:

# ipset create test hash:net,port
# ipset add test 192.168.0.0/30,tcp:80-82
# ipset list test
Name: test
Type: hash:net,port
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16856
References: 0
Members:
192.168.0.0/30,tcp:80
192.168.0.0/30,tcp:82
192.168.0.0/30,tcp:81

However please note, the "net" types slow down linearly with the number of
different network prefixes in the set.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
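
Added example, not part of the original message and not ipset code: a Python sketch that reproduces the member expansion shown in the two listings above, so the number of entries an "add" would create can be compared with the set's maxelem beforehand. The function names are hypothetical, the spec must use the proto:port form seen in the thread, and members are returned in sorted order, whereas ipset lists them in hash order.

```python
import ipaddress

MAXELEM = 65536  # "maxelem 65536" from the Header line of both listings


def parse_spec(spec):
    """Split 'CIDR,proto:lo-hi' (the form used in the thread) into parts."""
    addr, sep, portpart = spec.partition(",")
    proto, colon, ports = portpart.partition(":")
    if not sep or not colon:
        raise ValueError("expected CIDR,proto:port[-port]")
    lo_s, _, hi_s = ports.partition("-")
    lo = int(lo_s)
    hi = int(hi_s) if hi_s else lo
    if not 0 <= lo <= hi <= 65535:
        raise ValueError("bad port range: " + ports)
    return ipaddress.ip_network(addr, strict=False), proto, range(lo, hi + 1)


def expand(set_type, spec):
    """Members the set would hold after adding spec."""
    net, proto, ports = parse_spec(spec)
    if set_type == "hash:ip,port":
        # Both the network and the port range are exploded; every address
        # of the block is included, as in the first listing (.0 through .3).
        addrs = [str(ip) for ip in net]
    elif set_type == "hash:net,port":
        # The network stays one prefix; only the ports are exploded.
        addrs = [str(net)]
    else:
        raise ValueError("set type not covered by this sketch: " + set_type)
    return [f"{a},{proto}:{p}" for a in addrs for p in ports]


def element_count(set_type, spec):
    """Same count as len(expand(...)) without building the list."""
    net, _, ports = parse_spec(spec)
    per_net = net.num_addresses if set_type == "hash:ip,port" else 1
    return per_net * len(ports)


def fits(set_type, spec, maxelem=MAXELEM):
    return element_count(set_type, spec) <= maxelem


if __name__ == "__main__":
    for t in ("hash:ip,port", "hash:net,port"):
        print(t, element_count(t, "192.168.0.0/30,tcp:80-82"))
```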