ipset binding feature

ipset binding feature

[xiuming zhu]

By reading ipset manual, after ipset 4.0, the binding feature is removed. I
wonder there is any other way to implement the examples listed in
http://people.netfilter.org/kadlec/ipset/features.html

Let's see an example:

# ipmap set storing the IP addresses of two machines
ipset -N servers ipmap --network 192.168.0.0/16
ipset -A servers 192.168.0.1
ipset -A servers 192.168.0.2
# portmap set storing the allowed ports for 192.168.0.2
ipset -N ports portmap --from 1 --to 1024
ipset -A ports 21
ipset -A ports 22
ipset -A ports 25
# Binding, which attaches ports to 192.168.0.2
ipset -B servers 192.168.0.2 -b ports

# iptables rule using the set match
...
iptables -A FORWARD -m set --set servers dst,dst -j ACCEPT
iptables -A FORWARD -j DROP



thanks a lot

Re: ipset binding feature

[Jozsef Kadlecsik]

On Tue, 7 May 2013, xiuming zhu wrote:

> By reading ipset manual, after ipset 4.0, the binding feature is removed. I
> wonder there is any other way to implement the examples listed in
> http://people.netfilter.org/kadlec/ipset/features.html

No, the feature was badly designed and therefore was removed. 

I updated the page and deleted examples referring to removed features.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary