I'm sure it's possible to warp ipset to do all sorts of things for
you. It's pretty generic and flexible.
If the set is of type hash:net, then you can use "nomatch". In other words:
ipset n test-net hash:net
ipset a test-net 10.1.1.0/24
ipset a test-net 10.1.1.12 nomatch
The above will match everything within the 10.1.1.0/24 subnet, *except*
10.1.1.12 (this is roughly the equivalent of piercing a hole in your
firewall).
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss