[pve-devel] [PATCH] implement ipset ip/net groups

Alexandre DERUMIER aderumier at odiso.com
Fri Mar 28 13:54:20 CET 2014


>>Yes, I would like to have only one type for ipsets.
Ok, less confusion, better.

>>But maybe we can support 'nomatch', and comments? 
yes, no problem.



----- Original Message -----

From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Sent: Friday 28 March 2014 13:49:55
Subject: RE: [pve-devel] [PATCH] implement ipset ip/net groups

> >>Stupid question, but why do we need different types - netgroups and 
> ipgroup? 
> >> 
> >>We can easily represent a single IP as network: 192.168.0.1/32 
> or is there a problem with that? 
>
> I think it's just speed or hash memory optimisation 
> 
> I found a good presentation here : 
> http://workshop.netfilter.org/2013/wiki/images/a/ab/Jozsef_Kadlecsik_ipset-osd-public.pdf
> 
> But I think you can indeed use net:hash for /32 

Yes, I would like to have only one type for ipsets.

But maybe we can support 'nomatch', and comments? 

------------------------ 
[ipset set1] 
192.168.0.0/24 # comments would be nice to have 
! 192.168.0.1 # nomatch support 
1.2.3.4 
10.0.0.0/8 
------------------------- 
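
A sketch of how the single-type format proposed above could be parsed and rendered as `ipset restore` input, with every entry stored in one `hash:net` set (a bare IP becomes a /32). This is an added example, not code from the patch or from pve-firewall; the function names, the set-name pattern and the IPv4-only restriction are assumptions.

```python
import ipaddress
import re

# Constructed sample, copied from the format sketched in the mail above.
SAMPLE = """\
[ipset set1]
192.168.0.0/24 # comments would be nice to have
! 192.168.0.1 # nomatch support
1.2.3.4
10.0.0.0/8
"""

# Assumed set-name syntax; the thread does not define one.
SECTION_RE = re.compile(r"^\[ipset\s+([A-Za-z][A-Za-z0-9_-]*)\]$")

def parse_ipsets(text):
    """Return {set_name: [(network, nomatch, comment), ...]}."""
    sets, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        body = body.strip()
        if not body:
            continue
        m = SECTION_RE.match(body)
        if m:
            current = sets.setdefault(m.group(1), [])
            continue
        if current is None:
            raise ValueError(f"line {lineno}: entry outside an [ipset] section")
        nomatch = body.startswith("!")
        addr = body[1:].strip() if nomatch else body
        try:
            # Strict parsing rejects host bits (10.0.0.1/8); a bare IP becomes /32.
            net = ipaddress.IPv4Network(addr, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        current.append((net, nomatch, comment.strip()))
    return sets

def to_restore(sets):
    """Render the parsed sets as `ipset restore` lines, one hash:net set each."""
    out = []
    for name, entries in sets.items():
        out.append(f"create {name} hash:net")
        for net, nomatch, _ in entries:
            out.append(f"add {name} {net}" + (" nomatch" if nomatch else ""))
    return out

if __name__ == "__main__":
    print("\n".join(to_restore(parse_ipsets(SAMPLE))))
```

Rejecting malformed entries at parse time keeps a typo in the config from silently widening or narrowing what the set matches.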


