On Wed, 2013-04-10 at 14:19 +0200, Vladimir wrote:
> Hello everybody,

Hi,

> at the moment I'm setting up iptables/ip6tables rule sets based on
> ipset (on Ubuntu 12.04, using repo packages). As set type I use hash:net
> to handle networks and single IPs.
>
> Is there a direct relation between the hash size and maxelem parameter?

`hashsize` is the maximum size of your set. It should be a power of 2
value.
`maxelem` is the maximum number of elements you want in your set, so
that no more elements can be added when maxelem is reached, even if you
still have room (hashsize) for more elements.

> When using maxelem on creation of a set this value simply limits the
> number of entries that can be added, right?

Yep.

> maxelem parameter does not depend on the netmask used for a certain
> entry, right?

Yep.

> Should I only specify hash size parameter if I know that my set will
> hold few entries? If I understood man page correctly, the hash
> size grows dynamically by doubling its size (somehow) if needed.

hashsize default value is 1024, minimum seems to be 64 on my system.
You can specify hashsize to gain memory or have a bigger hash.

If you already know the maximum size of your set, you can specify
hashsize near to that value and maxelem to limit the set (for example to
prevent accidental additions).

> Best regards
> Vladimir

See ya.
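The sizing advice in the reply above, as an added example that is not part of the original thread: a script that emits an `ipset restore` file for a `hash:net` set, with `maxelem` capped just above the known entry count and `hashsize` rounded up to a power of two. The set name `blocklist`, the headroom of 100 and the entries are constructed, and the 64 floor is taken from the reply's observation rather than from documentation.

```shell
#!/bin/sh
# Added example: build an `ipset restore` file for a hash:net set, sizing
# hashsize and maxelem from the entry list. Nothing here touches the kernel.

# Smallest power of two >= $1, never below 64 (the minimum the reply reports
# seeing on its system; treated here as an assumption).
next_pow2() {
    n=$1 p=64
    while [ "$p" -lt "$n" ]; do p=$((p * 2)); done
    echo "$p"
}

# Constructed sample entries: networks and single IPs, with one duplicate.
sample_entries() {
    cat <<'EOF'
10.0.0.0/8
192.168.1.0/24
203.0.113.7
198.51.100.0/25
10.0.0.0/8
EOF
}

# build_restore NAME HEADROOM   (entries on stdin, one per line)
# maxelem = unique entries + HEADROOM, so an accidental bulk addition is
# rejected instead of silently growing the set; hashsize is the power of
# two that covers maxelem.
build_restore() {
    name=$1 headroom=$2
    entries=$(awk 'NF {print $1}' | sort -u)
    count=$(printf '%s\n' "$entries" | awk 'NF {c++} END {print c+0}')
    maxelem=$((count + headroom))
    hashsize=$(next_pow2 "$maxelem")
    echo "create $name hash:net family inet hashsize $hashsize maxelem $maxelem"
    printf '%s\n' "$entries" | awk -v n="$name" 'NF {print "add " n " " $1}'
}

# Print the restore file for the sample; as root it would be loaded with
#   ipset restore < file
sample_entries | build_restore blocklist 100
```

Once the set holds `maxelem` entries, further `add` commands fail, which is the guard against accidental additions mentioned in the reply.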