[pve-devel] [PATCH] implement ipset ip/net groups
Alexandre DERUMIER
aderumier at odiso.com
Fri Mar 28 13:54:20 CET 2014
>>Yes, I would like to have onyl one type for ipsets.
Ok, less confusion, better.
>>But maybe we can support 'nomatch', and comments?
yes, no problem.
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Vendredi 28 Mars 2014 13:49:55
Objet: RE: [pve-devel] [PATCH] implement ipset ip/net groups
> >>Stupid question, but why do we need different types - netgroups and
> ipgroup?
> >>
> >>We can easily represent a single IP as network: 192.168.0.1/32
> or is there a problem with that?
> t
> I think it's just speed or hash memory optimisation
>
> I found a good presentation here :
> http://workshop.netfilter.org/2013/wiki/images/a/ab/Jozsef_Kadlecsik_ipse
> t-osd-public.pdf
>
> But I think you can indeed use net:hash for /32
Yes, I would like to have onyl one type for ipsets.
But maybe we can support 'nomatch', and comments?
------------------------
[ipset set1]
192.168.0.0/24 # comments would be nice to have
! 192.168.0.1 # nomatch support
1.2.3.4
10.0.0.0/8
-------------------------
More information about the pve-devel
mailing list