On Wed, 26 Aug 2015, Akshat Kakkar wrote: > With regards to ipset type hash:ip,mark, it is mentioned that > > """ > The hash:ip,mark type of sets require two src/dst parameters of the > set match and SET target kernel modules. > """ > > However as it invoves storing mark, which has nothing to do with > src/dst parametes, so it should be mentioned something like No, see below. > """ > The hash:ip,mark type of sets require one src/dst IP/network and > fwmark of the set match and SET target kernel modules. > """ Set type specific "direction" parameters were possible only if there were no list set type which may contain any kind of set, and if there was no possible to swap sets. The syntax MUST be acceptable for all possible set types, regardless of the real meaning of the individual elemet parts in a given set type. > Besides, as this is the only set which hashes mark also, so exactly > which IPTABLES module to use should also be mentioned. Why? The same iptables modules can be used as with all other set types: set match and SET target. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
