<Meino.Cramer <at> gmx.de> writes:
> I think the whole thing ipset consists of a kernel configuration > and a user tool, which is available via emerge. Unfortunately, emerge > still insists of patching the kernel, which is - according to your > informations - unnecessary. oops. I guess I was unclear. Configuring the kernel and rebuilding it has the same effect as patching a version of the kernel before ipset became part of the kernel sources. So 'patching' and 'configuring' the kernel are pretty much the same thing. Look at how old that sidmat code is. It may have last had the documents updated when ipset was a kernel patch. Many things start out as a kernel patch, before being formally assimilated into the kernel sources. > I unemerged ipset with emerge, fetched a new version from the > internet, reconfigured the kernel accordingly, recompiled the > kernel and this weekend I hopefully will have time to taste > the soup... ;) Ah, net-firewall/ipset is probably different than ipset in the kernel sources. cd /usr/src/linux # find -name ipset -print ./net/netfilter/ipset ./include/uapi/linux/netfilter/ipset ./include/linux/netfilter/ipset So I think we are talking about (2)different things. Maybe related maybe just coincidence in names...... Sorry for the murky advice. Just dig a bit. http://ipset.netfilter.org/ explains the relationship.... hth, James