From: Mr Dash Four
Subject: Re: [PATCH 0/3] ipset: change 'iface' part in hash:net,iface set
Date: Sun, 08 Jul 2012 20:43:33 +0100
Message-ID: <4FF9E2E5.3090306@googlemail.com>
To: Netfilter Core Team
Cc: Pablo Neira Ayuso, Patrick McHardy, Jozsef Kadlecsik

> Example: If list1 - list:set type of set has, say, 5 members: iface1
> and iface2 - type hash:net,iface, and ipp1, ipp2 and ipp3 - type
> hash:ip,port, then the following iptables statement:
>
> Fly on the wall comment: the fact you allow sets of objects of
> different types seems like a design mistake.
>
Nope, that is the *real* beauty of list:set type of sets - you can
mix-and-match to your heart's content! In ipset versions prior to 4, I
think, there used to be a feature called "nesting" in sets, but it was
fraud and later abandoned.