Hello,
I can confirm that ipset option is working great. We are defining one
rule by line in our configuration file, like this:
ipset=/browser.sentry-cdn.com/whitelist
ipset=/sentry.io/whitelist
"whitelist" ipset is one hash:ip ipset. I never tried to configure
multiple set names or domains on the same line.
The main corner case is to set a timeout option on the set, to not keep
the IP in the set forever. In that case, you should add a max-cache-ttl
option in your dnsmasq configuration, lower than the timeout configured
in the set. Second corner case, hardcoded IP in /etc/hosts are not
resolved. So they are never added in the sets.
Best regards,
Florent
_______________________________________________
Dnsmasq-discuss mailing list
[email protected]
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
