[Dnsmasq-discuss] ipset-dns: Integrate Netfilter IPSet Support
Mr Dash Four
mr.dash.four at googlemail.com
Sat Feb 16 16:28:03 GMT 2013
> I'm sure it's possible to warp ipset to do all sorts of things for
> you. It's pretty generic and flexible.
>
If the set is of type hash:net, then you can use "nomatch". In other words:

    ipset n test-net hash:net
    ipset a test-net 10.1.1.0/24
    ipset a test-net 10.1.1.12 nomatch

The above will match everything within the 10.1.1.0/24 subnet, *except*
10.1.1.12 (this is roughly the equivalent of piercing a hole in your
firewall).
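
Added example (not part of the original post, and not ipset's own code): a simplified Python model of the lookup described above, useful for checking which addresses an exception list really excludes before loading it into a firewall. It assumes the most-specific-prefix-first search order documented in the ipset man page; the names HashNetModel and build_test_net are hypothetical.

```python
import ipaddress


class HashNetModel:
    """Simplified model of an ipset hash:net set with nomatch entries."""

    def __init__(self):
        # Maps ip_network -> True if the entry carries the nomatch flag.
        self.entries = {}

    def add(self, cidr, nomatch=False):
        # ipset normalises host bits away, hence strict=False.
        net = ipaddress.ip_network(cidr, strict=False)
        self.entries[net] = nomatch

    def test(self, addr):
        """Return True if addr matches the set, False otherwise."""
        ip = ipaddress.ip_address(addr)
        # Assumption from the ipset man page: the search runs from the
        # most specific prefix to the least specific one, so the first
        # covering entry decides the result.
        by_specificity = sorted(
            self.entries, key=lambda n: n.prefixlen, reverse=True
        )
        for net in by_specificity:
            if net.version == ip.version and ip in net:
                # A covering nomatch entry means "not in the set".
                return not self.entries[net]
        return False


def build_test_net():
    """Rebuild the test-net set from the post above."""
    s = HashNetModel()
    s.add("10.1.1.0/24")
    s.add("10.1.1.12", nomatch=True)
    return s


if __name__ == "__main__":
    test_net = build_test_net()
    for address in ("10.1.1.5", "10.1.1.12", "10.1.2.1"):
        print(address, "match" if test_net.test(address) else "no match")
```

When auditing a rule that references such a set, the nomatch entries are the addresses the rule does not apply to, so each one deserves the same review as an explicit exception rule.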