On 02/06/2018 08:38 AM, Nicola Ferrari (#554252) wrote:
> Hi list!
>
> I'm trying to use ipset to get a sort of "dynamic rule" where to add and
> remove networks' subnets on-the-fly..
>
> Here's what I did:
>
> ipset create allowed_labs hash:net
> ipset add allowed_labs 192.168.26.0/24
> ipset list --> I can see the newly created ipset
>
> added a new shorewall rule
> ACCEPT:info loc:+allowed_labs net
>
> shorewall safe-restart
>
> I get
> ERROR: ipset names in Shorewall configuration files require Ipset
> Match in your kernel and iptables
> from /etc/shorewall/rules (line 60)
>
>
> Of course my kernel has ipset support enabled and xtables packages
> installed..
>
> What I would like to achieve is a way to add new /24 network on-the-fly
> without having to touch rules file and restart shorewall..
>
> Where's my mistake?
>

Try this:

    iptables -N foo
    iptables -A foo -m set --set allowed_labs dst -j ACCEPT

What is the result?

-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster with
Shoreline,         \    an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users