On 04/28/2011 08:30 AM, Mr Dash Four wrote: > > >>> Thank you. Do you plan adding ipset support to (normal, not simple) >>> accounting in Shorewall? >>> >> >> Should be there already. What do you believe doesn't work? >> > I also meant traffic shaping, apologies. My impression by reading the > man pages on your web site (shorewall-accounting, shorewall-tcfilters)
Do you mean shorewall-tcrules rather than shorewall-accounting? If so, that file does support ipsets; that's an oversight in the manpage. > was that ipset is not supported. shorewall-accounting does not mention > anything in any of the columns that ipset syntax is supported, > shorewall-tcfilters states that ipset is definitely not supported > (http://shorewall.net/traffic_shaping.htm - scroll down to the tcfilters > section). Entries in the tcfilters file generate u32 filters which have no ipset support (nor will ever, IMO). They use (offset,mask,value) tuples applied to protocol headers and are not part of Netfilter at all. So tcrules are the only mechanism available that supports ipsets. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
