Hello, In learning about handling large lists of IPs in ShoreWall, I discovered its ipsets support.
As according to the ShoreWall docs, "Using ipsets requires that you patch your kernel and iptables and that you build and install the ipset utility from http://ipset.netfilter.org/."; After a bit of Googling, I think I've correctly installed the utility > ipset --version ipset v2.4.3 Protocol version 2. and the kernel module, > lsmod | grep -i ip_set ip_set_iphash 13456 0 ip_set 26156 2 ip_set_iphash > modinfo ip_set filename: /lib/modules/2.6.25.18-0.2-default/updates/ip_set.ko description: module implementing core IP set support author: Jozsef Kadlecsik <[EMAIL PROTECTED]> license: GPL srcversion: 258C1BA85EA4FF1F35720B0 depends: vermagic: 2.6.25.18-0.2-default SMP mod_unload 586 parm: max_sets:maximal number of sets (int) parm: hash_size:hash size for bindings (int) Is this all sufficiently "installed" for ShoreWall? I'm not sure how to test if iptables is properly patched. This makes me wonder if it is, > shorewall show capabilities | grep -i ipset Ipset Match: Not available --JC ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
