macipmap (ipset) matching

macipmap (ipset) matching

[Mr Dash Four]

I am trying to employ and use this, but am unable to get any match 
whatsoever. I have registered my own (internal) network and the relevant 
mac addresses for each interface, but no joy. What could be the problem? 
Has anybody actually tried this?

Re: macipmap (ipset) matching

[Jozsef Kadlecsik]

On Tue, 28 Sep 2010, Mr Dash Four wrote:

> I am trying to employ and use this, but am unable to get any match whatsoever.
> I have registered my own (internal) network and the relevant mac addresses for
> each interface, but no joy. What could be the problem? Has anybody actually
> tried this?

Could you describe exactly what do you try to do? That is the set elements 
to be matched and the iptables rules you entered. Also, please note the 
"set" match and "SET" target netfilter kernel modules always use the
source MAC address from the packet.

The ipset source tree contains a testsuite with tests against all set 
types.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

Re: macipmap (ipset) matching

[Mr Dash Four]

>> I am trying to employ and use this, but am unable to get any match whatsoever.
>> I have registered my own (internal) network and the relevant mac addresses for
>> each interface, but no joy. What could be the problem? Has anybody actually
>> tried this?
>>     
>
> Could you describe exactly what do you try to do?
I am creating a match rule (I am using Shorewall), which matches both IP 
and mac addresses, but this match is never triggered, hence my initial 
query.

> The ipset source tree contains a testsuite with tests against all set 
> types.
>   
Thanks for that - I will look at it and see if I could use it here.