On 04/28/2011 09:23 AM, Mr Dash Four wrote: >> Entries in the tcfilters file generate u32 filters which have no ipset >> support (nor will ever, IMO). They use (offset,mask,value) tuples >> applied to protocol headers and are not part of Netfilter at all. So >> tcrules are the only mechanism available that supports ipsets. >> > I am no expert, but couldn't ipsets be included at least in the > SOURCE/DEST columns of ip addresses/subnets and port ranges, possibly > the protocol too as the new generation of ipset could have a tuple of > either (sub)net, port and protocol used?
u32 filters don't use iptables; they use ip. > That is what I would need ipset > to be used for - I am quite happy for the rest to remain as it is. > > Wouldn't the use of tcrules force me to use simple traffic shaping instead? No. It is 'tcpri' that is associated only with simple TC. But tcrules are also available in that case as well. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
