On Wed, 23 Feb 2011, Mr Dash Four wrote:

> When I execute 'ipset -R < some_file' ipset ignores lines with the '-D' option
> specified. Is that intentional?

Deletion is not ignored in restore mode. The commands which are not
allowed in restore mode are restore, help and version.

> I am trying to execute a script file creating 'pinholes' in (previously built)
> ipsets, but, as it stands, I have to execute a shell script containing 'ipset
> -D' for every pinhole/range I am interested in, which isn't very convenient.
> Ideally I'd like for ipset to honour the '-D' option in a restore file.
>
> The reason I need this is because I am defining ipset ranges coming from the
> geoip database and later, with the '-D' option in a script, I am trying to
> create the pinholes - more convenient since ipset has a very nice feature to
> re-adjust the ipset ranges automatically after delete, instead of me using
> endless '-A' statements adding the resulting ipset sub-ranges.

The iptreemap type of ipset 4.x had the feature you are referring to here.
The iptree and iptreemap types are not implemented in ipset 5.x. However,
you can achieve the same effect by using two sets, the first one for the
pinholes and the second one for the networks.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
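The two-set approach suggested in the reply, as an added example that is not part of the original message or of the ipset project: the script builds an `ipset restore` file (ipset 5.x syntax) with one hash:net set for the networks and one for the pinholes, plus a single iptables rule that matches the first set unless the second also matches. The set names, the INPUT chain, the DROP action, the file layout (one CIDR per line) and all addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; set names, chain, action and addresses are assumptions.
GEO_SET=geo_nets     # hypothetical set: networks taken from the geoip data
HOLE_SET=geo_holes   # hypothetical set: pinholes inside those networks

# Emit "add <set> <cidr>" for every entry in a list file (one CIDR per line).
# Blank lines and '#' comments are skipped; a missing final newline is handled.
emit_adds() {  # $1 = set name, $2 = list file
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # drop trailing comment
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # drop whitespace / CR
        [ -n "$line" ] || continue
        printf 'add %s %s\n' "$1" "$line"
    done < "$2"
}

# Emit a complete restore file: both sets are created, then filled.
gen_restore() {  # $1 = networks file, $2 = pinholes file
    printf 'create %s hash:net\n' "$GEO_SET"
    printf 'create %s hash:net\n' "$HOLE_SET"
    emit_adds "$GEO_SET" "$1"
    emit_adds "$HOLE_SET" "$2"
}

# One rule: source is in the networks set AND NOT in the pinholes set.
# Dropping is an assumed policy; use whatever target the set was built for.
gen_rule() {
    printf '%s\n' "-A INPUT -m set --match-set $GEO_SET src -m set ! --match-set $HOLE_SET src -j DROP"
}

# Demo on constructed data (documentation address ranges).
demo() {
    d=$(mktemp -d) || return 1
    printf '192.0.2.0/24\n198.51.100.0/24\n' > "$d/nets"
    printf '# office uplink\n192.0.2.128/25\n' > "$d/holes"
    gen_restore "$d/nets" "$d/holes"
    gen_rule
    rm -rf "$d"
}
demo
# To load for real (needs root and ipset 5.x):
#   gen_restore nets.txt holes.txt | ipset -exist restore
```

Opening or closing a pinhole later is a single `add` or `del` on the pinholes set, which can also be fed through `ipset restore`; the networks set never has to be split into sub-ranges.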