On Fri, 17 Aug 2007, Jan Engelhardt wrote:
>
> On Aug 17 2007 16:54, Neville C. Dempsey wrote:
>>
>> As ipset_nethash.c stands it handles subnet masks from /1 to /31 fine,
>> but the cases /0 & /32 are required to be handled in a different chain.
>
> /0 is not a network anymore, it is "everything".
> /32 is a single host, I think iphash is better suited for this.

As long as you don't need to handle both networks and hosts in the same set.
If you do then you end up with double the number of sets (e.g. 400 instead of
200) and more complicated iptables rules.

Best regards,
Krzysztof Oledzki