On Wed, 10 Oct 2012, Arturo Borrero wrote:

> > you can use some script to do the resolving and then add the results to the
> > set one by one.
> >
> > how ipset behave is the same as iptables.
>
> It seems that iptables is able to handle multiple resolutions:

Yes, but ipset != iptables.

> > Yes, that's right. If hostname is supplied as input, just the first
> > resolved IP address is used. Look at into lib/parse.c
>
> I see it now. Reading man page getaddrinfo(3), it is implemented as
> some kind of linked list, specially for cases where there are multiple
> resolutions.
>
> So, the function get_addrinfo in lib/parse.c needs to do something
> more inside that for loop. (By now, I don't know what means the code
> inside the loop if found==0, so I can't write a patch)

That's not possible: you can't call a session loop over the IP addresses
from lib/parse.c in the current framework. (That's why it's not already
done.)

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
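The script-based workaround suggested in the quoted text (resolve outside ipset, then add every address one by one), as an added example that is not part of the original message or of the ipset project. The set name `allowed_hosts`, the function names and the sample resolver lines are assumptions made for illustration; the set must already exist as a `hash:ip` set.

```shell
#!/bin/sh
# Added example: feed every address a hostname resolves to into an ipset,
# since ipset itself only uses the first result when given a hostname.

# Constructed sample in `getent ahostsv4` format: ADDRESS SOCKTYPE [NAME].
# Each address appears once per socket type, so duplicates are expected.
sample_resolver_output() {
    printf '%s\n' \
        '192.0.2.10      STREAM host.example' \
        '192.0.2.10      DGRAM' \
        '192.0.2.10      RAW' \
        '192.0.2.11      STREAM' \
        '192.0.2.11      DGRAM' \
        '999.1.1.1       STREAM' \
        '2001:db8::1     STREAM'
}

# Read resolver lines on stdin and print one "add <set> <ip>" line per
# unique, well-formed IPv4 address. Anything else is dropped so that
# unexpected resolver output never reaches `ipset restore`.
resolved_to_restore() {
    set_name=$1
    awk -v set="$set_name" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($1, octet, ".")
            ok = 1
            for (i = 1; i <= 4; i++) if (octet[i] > 255) ok = 0
            if (ok && !seen[$1]++) print "add " set " " $1
        }'
}

# Resolve HOST and load all of its addresses into SET in one restore run.
# -exist makes re-runs idempotent (already-present entries are not errors).
# Needs root; call as: sync_host_to_set allowed_hosts host.example
sync_host_to_set() {
    getent ahostsv4 "$2" | resolved_to_restore "$1" | ipset -exist restore
}
```

Because DNS answers change over time, a set filled this way reflects only the moment of resolution and has to be refreshed on a schedule.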