From: Mr Dash Four <mr.dash.four@googlemail.com>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter-devel@vger.kernel.org, netfilter@vger.kernel.org
Subject: Re: [ANNOUNCE] ipset-5.0 released
Date: Sat, 18 Dec 2010 14:22:51 +0000
Message-ID: <4D0CC3BB.8030801@googlemail.com>
In-Reply-To: <alpine.DEB.2.00.1012172259100.10231@blackhole.kfki.hu>

> I'm happy to announce the new branch of ipset and release its first
> element, ipset-5.0.
>
I see that you have considered my suggestions and added port ranges to
the hash sets. That will make my job much easier! Thank you!

Is there any difference between hash:net,ip and hash:ip,port? It seems
as though I can specify subnets (CIDR format) of different sizes in both
sets!

I also spotted another feature I previously missed when I looked at
5.0-pre10 - nesting of datatypes (I think the default is 4, which would
be enough for 99% of cases). That is absolutely brilliant as up until
now I have used multiple --match-set directives to do that job, which
can now be done 'internally' by ipset. It also addresses the issue of
'binding' (a feature dropped in earlier ipset releases and a feature I
badly missed if I am being honest), but the implementation this time is
much better. This set of features will be put to the test as I will be
using them quite extensively!

I do have another question, however: Currently the protocol part from the
port ranges (hash sets) is not mandatory. Does that mean that if I omit
it then the port range is matched *regardless* of the protocol (tcp or
udp)? For example, if I have 10.1.1.0/24,80 would that match
10.1.1.1:tcp:80 *and* 10.1.1.1:udp:80? If so, that is very good news!

I downloaded the source to look at, but won't compile it just yet as I
am waiting for this version to be integrated in the xtables tree and
hoping that integration is flawless and without the silly compile-time
errors as was the case with previous xtables releases (*nudges Jan*).

As part of that process I will try and create the .spec file needed to
build the Fedora rpm package (it would be for FC13 as I am yet to
migrate to FC14) and will submit it with them to integrate it with FC as
soon as possible.

Final question from me: As part of the ipset-5.0 package you provide a
netlink patch file. I have read the README and it seems that the only
time that patch needs to be applied is if the kernel version is >=
2.6.31. Is that the case and are there any other
constraints/requirements? Do I apply this patch if the kernel version is
<= 2.6.31? It is important for me to know the answer to this question
when I prepare the .spec file for building the rpm for Fedora.