On Sat, 14 May 2011 22:46:11 -0400 John Brendler <[email protected]> wrote: > The "tree" type of ipsets takes care of it for you.
In case my explanation was confusing, it's this simple: ~# ipset --create my_ipset iptreemap ~# ipset --add my_ipset 192.168.0.0/24 ~# ipset --list my_ipset Name: my_ipset Type: iptreemap References: 0 Header: gc: 300 Members: 192.168.0.0-192.168.0.255 ~# ipset --del my_ipset 192.168.0.10 ~# ipset --list my_ipset Name: my_ipset Type: iptreemap References: 0 Header: gc: 300 Members: 192.168.0.0-192.168.0.9 192.168.0.11-192.168.0.255 Of course, it can have as many adds and deletes as you like, subject to the typical constraints. Again, if you meant something else by "pinhole", please forgive the unnecessary traffic.
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
