On Mon, 12 Nov 2012, Ed W wrote:

> On 26/10/2012 14:58, Csordás Csaba Ifj. wrote:
> > Dear Reader,
> >
> > I would like to ask when it will be possible to write such rules as
> > mentioned in $SUBJECT.
> >
> > For example:
> >
> > ipset new foo hash:ip
> > ipset add foo 192.168.1.1 -t filter -A FORWARD -j LOG ... -t nat -A POSTROUTING -j SNAT ... -t mangle -A PREROUTING -j MARK ...
> >
> At this point haven't you re-implemented almost the whole of netfilter
> inside ipset? (Or is that the point?).

No, not at all. The user part of ipset should be linked with libxtables
and use the parser, structures from there. And the kernel part would call
the corresponding netfilter target modules directly.

ipset is great for mass-matching. The functionality would just add the
support of individual actions for the elements.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary