* ipset 6.x - bitmap:ip,mac not working
@ 2012-01-15 16:52 Vlado Drzik
2012-01-15 17:28 ` Jozsef Kadlecsik
0 siblings, 1 reply; 3+ messages in thread
From: Vlado Drzik @ 2012-01-15 16:52 UTC (permalink / raw)
To: netdev; +Cc: kadlec
Hello All,
Would like to ask whether someone is actually using IP sets in recent
kernel version with bitmap:ip,mac match.
I've updated from ipsets 4.x to ipset 6.10 and kernel 3.1.8 and I've
noticed that bitmap:ip,mac never match.
I've tested also bitmap:ip and that one is working fine.
Test setup:
ipset create ipmac_test bitmap:ip,mac range 172.16.0.0/16
ipset add ipmac_test 172.16.1.254,00:11:22:33:44:55
iptables -I INPUT -i eth0 -m set --match-set ipmac_test src
And after I'm running some communication from host 172.16.1.254 with
source MAC 00:11:22:33:44:55.
But there are not packets matched by the rule in iptables.
Using just bitmap:ip it is working fine. Also previous version 4.x was
working fine with macipmap.
Many thanks.
Regards,
Vladimir Drzik
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: ipset 6.x - bitmap:ip,mac not working
2012-01-15 16:52 ipset 6.x - bitmap:ip,mac not working Vlado Drzik
@ 2012-01-15 17:28 ` Jozsef Kadlecsik
2012-01-15 17:57 ` Vlado Drzik
0 siblings, 1 reply; 3+ messages in thread
From: Jozsef Kadlecsik @ 2012-01-15 17:28 UTC (permalink / raw)
To: Vlado Drzik; +Cc: netdev
On Sun, 15 Jan 2012, Vlado Drzik wrote:
> Would like to ask whether someone is actually using IP sets in recent
> kernel version with bitmap:ip,mac match.
> I've updated from ipsets 4.x to ipset 6.10 and kernel 3.1.8 and I've
> noticed that bitmap:ip,mac never match.
> I've tested also bitmap:ip and that one is working fine.
>
> Test setup:
>
> ipset create ipmac_test bitmap:ip,mac range 172.16.0.0/16
> ipset add ipmac_test 172.16.1.254,00:11:22:33:44:55
>
> iptables -I INPUT -i eth0 -m set --match-set ipmac_test src
That's a wrong rule: bitmap:ip,mac is a two dimensional set and therefore
it requires two directional parameters:
iptables -I INPUT -i eth0 -m set --match-set ipmac_test src,src
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
H-1525 Budapest 114, POB. 49, Hungary
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: ipset 6.x - bitmap:ip,mac not working
2012-01-15 17:28 ` Jozsef Kadlecsik
@ 2012-01-15 17:57 ` Vlado Drzik
0 siblings, 0 replies; 3+ messages in thread
From: Vlado Drzik @ 2012-01-15 17:57 UTC (permalink / raw)
To: Jozsef Kadlecsik; +Cc: netdev
Many Thanks Jozsef, That was quick.
Indeed it works now.
I haven't noticed that syntax has changed.
Regads,
Vladimir
On 1/15/2012 18:28, Jozsef Kadlecsik wrote:
>
>> iptables -I INPUT -i eth0 -m set --match-set ipmac_test src
> That's a wrong rule: bitmap:ip,mac is a two dimensional set and therefore
> it requires two directional parameters:
>
> iptables -I INPUT -i eth0 -m set --match-set ipmac_test src,src
>
> Best regards,
> Jozsef
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-01-15 17:58 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-01-15 16:52 ipset 6.x - bitmap:ip,mac not working Vlado Drzik
2012-01-15 17:28 ` Jozsef Kadlecsik
2012-01-15 17:57 ` Vlado Drzik
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).