Hello list,
The problem I ran into is that I'm unable to delete any iptables rule
which uses either the set match or the SET target by the exact matching
rule options. Deleting by rule number works though.
See the output below.
System is Debian squeeze with debian kernel 2.6.32.
I downloaded the debian kernel source package.
Applied the netlink.patch and compiled/ran it successfully.
Installed latest ipset successfully:
# ipset version
ipset v6.16.1, protocol version: 6
I tried to apt-src iptables and compile that, but it made no difference.
# iptables -V
iptables v1.4.8
Any ideas on that?
Thank you very much!
-----------------------------------------------------------------
iptables -vnL FOO
Chain FOO (1 references)
pkts bytes target prot opt in out source destination
# iptables -A FOO -s 192.168.13.0/24 -p icmp -j SET --add-set foo src
# iptables -A FOO -m set --match-set foo src -j ACCEPT
- generate some traffic...
iptables -vnL FOO
Chain FOO (1 references)
pkts bytes target prot opt in out source destination
4 240 SET icmp -- * * 192.168.13.0/24 0.0.0.0/0 add-set foo src
18 1148 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set foo src
iptables -D FOO -s 192.168.13.0/24 -p icmp -j SET --add-set foo src
iptables: No chain/target/match by that name.
# iptables -D FOO -m set --match-set foo src -j ACCEPT
iptables: Bad rule (does a matching rule exist in that chain?).
# ipset list foo
Name: foo
Type: hash:ip
Revision: 0
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 8288
References: 2
Members:
192.168.13.254