Hi,

On Thu, 22 Feb 2018, Akshat Kakkar wrote:

> I created an IPSET,
> ipset -N foo hash:net,iface
>
> Then added member as
> ipset -A foo 0.0.0.0/0,eth0
>
> However, following iptables rule is not matched when machine is pinged
> on its eth0 interface

What do you mean by "pinged on its eth0 interface"? Do you ping the
machine from itself?

> iptables -A INPUT -m set --match-set foo src,src -j ACCEPT
>
> But, if I add entry in ipset as
> ipset -A foo 192.168.100.100,eth0
>
> And I ping from 192.168.100.100, the rule is hit.
>
> iptables version 1.6.1, ipset version 6.35, kernel 4.4.82

I can't reproduce it with ipset 6.35.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary