[Bug 744] New: set:list behavior
bugzilla-daemon at bugzilla.netfilter.org
Sat Sep 3 18:54:56 CEST 2011
http://bugzilla.netfilter.org/show_bug.cgi?id=744
Summary: set:list behavior
Product: ipset
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: default
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: martinbarrowcliff at gmail.com
Estimated Hours: 0.0
Call it an enhancement if you like... It's a bug to me.
Linux server.localdomain 3.0.3_mfb #1 SMP Tue Aug 30 11:22:41 EDT 2011 i686 i686 i386 GNU/Linux
root [ /etc/firewall ]# ipset -v
ipset v6.8-genl-xta, protocol version: 96
With the previous version I could test/match a setlist for an IP.
Seems this isn't working the same in V6.
root [ /etc/firewall ]# ipset -L Blacklist
Name: Blacklist
Type: list:set
Header: size 8
Size in memory: 56
References: 3
Members:
NetDrop
Ignore
Temp
Delay
WebDrop
The match functions in iptables "seem" to work correctly.
But I have multiple set:list and need to "test" against a single IP.
As of this version from xtables-addons, I cannot do that.
root [ /etc/firewall ]# ipset -test Blacklist 123.123.123.123
ipset v6.8-genl-xta: Set to be added/deleted/tested as element does not exist.
Obviously parsing this output is going to fail my scripts every time.
I also was unable to get the userland 6.8 release version to work at all.
The ipset mods in linux-3.0.3 didn't match properly with v6.8.
Glad to see ipsets in the kernel; sad it didn't work as expected.
Marty B.
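
Added example, not part of the original report and not ipset project code: a script-side way to test one IP against a list:set by testing it against each member set in turn and relying on the exit status of "ipset test" rather than its message text. It assumes every member set accepts a plain IP as an element; the function names and the IPSET override variable are hypothetical.

```shell
#!/bin/sh
# Test one IP against every member set of a list:set.
# IPSET (an assumption of this example) may be overridden to use another binary.
IPSET="${IPSET:-ipset}"

# Read "ipset list NAME" output on stdin and print the member set names:
# the first field of every non-blank line after the "Members:" line.
list_members() {
    awk 'found && NF { print $1 } /^Members:/ { found = 1 }'
}

# ip_in_setlist LIST IP
# Prints the first member set that contains IP and returns 0.
# Returns 1 if no member set matches, 2 if LIST cannot be listed.
ip_in_setlist() {
    list=$1
    ip=$2
    listing=$("$IPSET" list "$list" 2>/dev/null) || return 2
    for member in $(printf '%s\n' "$listing" | list_members); do
        # Only the exit status is used; the message text is discarded.
        if "$IPSET" test "$member" "$ip" >/dev/null 2>&1; then
            printf '%s\n' "$member"
            return 0
        fi
    done
    return 1
}

# Stand-alone use: script.sh LIST IP
if [ "$#" -eq 2 ]; then
    ip_in_setlist "$1" "$2"
fi
```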