According to the ipset manual, after ipset 4.0 the binding feature is removed. I wonder if there is any other way to implement the examples listed in http://people.netfilter.org/kadlec/ipset/features.html

Let's see an example:

# ipmap set storing the IP addresses of two machines
ipset -N servers ipmap --network 192.168.0.0/16
ipset -A servers 192.168.0.1
ipset -A servers 192.168.0.2

# portmap set storing the allowed ports for 192.168.0.2
ipset -N ports portmap --from 1 --to 1024
ipset -A ports 21
ipset -A ports 22
ipset -A ports 25

# Binding, which attaches ports to 192.168.0.2
ipset -B servers 192.168.0.2 -b ports

# iptables rule using the set match ...
iptables -A FORWARD -m set --set servers dst,dst -j ACCEPT
iptables -A FORWARD -j DROP

Thanks a lot