I created an IPSET,
ipset -N foo hash:net,iface

Then added member as
ipset -A foo 0.0.0.0/0,eth0

However, following iptables rule is not matched when machine is pinged
on its eth0 interface
iptables -A INPUT -m set --match-set foo src,src -j ACCEPT

But, if I add entry in ipset as
ipset -A foo 192.168.100.100,eth0

And I ping from 192.168.100.100, the rule is hit.

iptables version 1.6.1, ipset version 6.35, kernel 4.4.82

On Sun, Mar 13, 2016 at 2:45 AM, Jozsef Kadlecsik
<kad...@blackhole.kfki.hu> wrote:
> Hi,
>
> I'm happy to announce ipset 6.28 with a couple of important fixes, some
> compatibility improvements and corrections.
>
> Userspace changes:
>   - Support older pkg-config packages
>   - Add bash completion to the install routine (Mart Frauenlob)
>   - Fix misleading error message with comment extension
>   - Test added to check 0.0.0.0/0,iface to be matched in
>     hash:net,iface type
>   - Fix link with libtool >= 2.4.4 (Olivier Blin)
> Kernel part changes:
>   - Check IPSET_ATTR_ETHER netlink attribute length
>   - Fix __aligned_u64 compatibility support for older kernel releases
>   - Add compatibility to support EXPORT_SYMBOL_GPL in module.h
>   - Fix set:list type crash when flush/dump set in parallel
>   - Pass down netns pointer to call() and call_rcu() (backport)
>   - Allow a 0 netmask with hash_netiface type (Florian Westphal)
>
> You can download the source code of ipset from:
>         http://ipset.netfilter.org
>         ftp://ftp.netfilter.org/pub/ipset/
>         git://git.netfilter.org/ipset.git
>
> Best regards,
> Jozsef
> -
> E-mail  : kad...@blackhole.kfki.hu, kadlecsik.joz...@wigner.mta.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
>           H-1525 Budapest 114, POB. 49, Hungary
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to