[Bug 1101] SET target unreliable in iptables - add does not work as expected

bugzilla-daemon at netfilter.org
Sat Dec 17 14:46:53 CET 2016


https://bugzilla.netfilter.org/show_bug.cgi?id=1101

Jozsef Kadlecsik <kadlec at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |INVALID

--- Comment #4 from Jozsef Kadlecsik <kadlec at netfilter.org> ---
This is the expected behaviour and documented in the manpage:

"In order to avoid clashes in the hash, a limited number of chaining,
and if that is exhausted, the doubling of the hash size is performed
when adding entries by the ipset command. When entries added by
the SET target of iptables/ip6tables, then the hash size is fixed
and the set won't be duplicated, even if the new entry cannot be
added to the set."

You have to create the set with a proper hashsize parameter if
the elements are added by the SET target.

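An added example, not part of the original message or of the ipset project: a shell helper that prints an `ipset create` command with an explicit `hashsize` for a set that will be filled by the SET target, since such a set will not grow and entries that do not fit are not added. The set name, the iptables rule, and the sizing rule (one hash bucket per expected entry, rounded up to a power of two, never below ipset's default of 1024) are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-size an ipset that is populated by the iptables SET target.
# Nothing here touches the kernel; the functions only print the commands.

# Round a positive integer up to the next power of two.
# ipset hash sizes are powers of two.
next_pow2() {
    n=$1
    p=1
    while [ "$p" -lt "$n" ]; do
        p=$((p * 2))
    done
    echo "$p"
}

# plan_set NAME EXPECTED_ENTRIES
# Assumption: one bucket per expected entry is used as a conservative size,
# because a set filled by the SET target keeps the size it was created with.
plan_set() {
    name=$1
    expected=$2
    hs=$(next_pow2 "$expected")
    if [ "$hs" -lt 1024 ]; then
        hs=1024                      # ipset's default initial hash size
    fi
    # Create the set with its final size up front.
    echo "ipset create $name hash:ip hashsize $hs maxelem $expected"
    # Constructed rule: record the source address of matching packets.
    echo "iptables -A INPUT -j SET --add-set $name src"
}

# Constructed sample: a set expected to hold up to 100000 addresses.
plan_set seen_sources 100000
```

Review the printed commands before running them as root; `ipset list -t seen_sources` afterwards shows the header, including the hash size in use.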