>>Yes, I would like to have onyl one type for ipsets. Ok, less confusion, better.
>>But maybe we can support 'nomatch', and comments? yes, no problem. ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre DERUMIER" <[email protected]> Cc: [email protected] Envoyé: Vendredi 28 Mars 2014 13:49:55 Objet: RE: [pve-devel] [PATCH] implement ipset ip/net groups > >>Stupid question, but why do we need different types - netgroups and > ipgroup? > >> > >>We can easily represent a single IP as network: 192.168.0.1/32 > or is there a problem with that? > t > I think it's just speed or hash memory optimisation > > I found a good presentation here : > http://workshop.netfilter.org/2013/wiki/images/a/ab/Jozsef_Kadlecsik_ipse > t-osd-public.pdf > > But I think you can indeed use net:hash for /32 Yes, I would like to have onyl one type for ipsets. But maybe we can support 'nomatch', and comments? ------------------------ [ipset set1] 192.168.0.0/24 # comments would be nice to have ! 192.168.0.1 # nomatch support 1.2.3.4 10.0.0.0/8 ------------------------- _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
