[Bug 744] set:list behavior

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Tue Sep 6 12:16:52 CEST 2011


http://bugzilla.netfilter.org/show_bug.cgi?id=744





--- Comment #3 from Jozsef Kadlecsik <kadlec at netfilter.org>  2011-09-06 12:16:52 ---
Before ipset 6.x there was no IPv6 support, and other factors changed as well.

But of course the list:set type is useful, only it has got two faces: from
userspace by the ipset tool you can add, delete and *test* subsets as elements,
while in kernel space the match/target is used. In kernel the system works on
packets which are well defined, there's no parsing issue and of course for
example a matching is executed in the subsets.

You could emulate the matching you are looking for in userspace by a simple
shell script like this (untested):

#!/bin/sh

ipset list $1 | tail -n +7 | while read x y; do
    ipset test $x $2
    if [ $? -eq 0 ]; then
        echo "$2 is in set $1"
        exit 0
    fi
done
echo "$2 is NOT in set $1"
exit 1
# eof


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.



More information about the netfilter-buglog mailing list