On Thu, Sep 26, 2019 at 12:06:45PM +0200, Kristian Evensen wrote: > The net,iface equal functions currently compares the full interface > names. In several cases, wildcard (or prefix) matching is useful. For > example, when converting a large iptables rule-set to make use of ipset, > I was able to significantly reduce the number of set elements by making > use of wildcard matching. > > Wildcard matching is enabled by adding "wildcard" when adding an element > to a set. Internally, this causes the IPSET_FLAG_IFACE_WILDCARD-flag to > be set. When this flag is set, only the initial part of the interface > name is used for comparison. > > Wildcard matching is done per element and not per set, as there are many > cases where mixing wildcard and non-wildcard elements are useful. This > means that is up to the user to handle (avoid) overlapping interface > names. Wrong list. Please send it to netfilter-devel@xxxxxxxxxxxxxxx Thanks!
