Hi,

On Thu, 22 Feb 2018, Akshat Kakkar wrote:

> I created an IPSET,
> ipset -N foo hash:net,iface
> 
> Then added a member as
> ipset -A foo 0.0.0.0/0,eth0
> 
> However, the following iptables rule is not matched when the machine is pinged
> on its eth0 interface

What do you mean by "pinged on its eth0 interface"? Do you ping the 
machine from itself?

> iptables -A INPUT -m set --match-set foo src,src -j ACCEPT
> 
> But if I add an entry in ipset as
> ipset -A foo 192.168.100.100,eth0
> 
> And I ping from 192.168.100.100, the rule is hit.
> 
> iptables version 1.6.1, ipset version 6.35, kernel 4.4.82

I can't reproduce it with ipset 6.35.

Best regards,
Jozsef
-
E-mail  : kad...@blackhole.kfki.hu, kadlecsik.joz...@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary