[Dnsmasq-discuss] feature request: ipset options
Leonardo Rodrigues
leolistas at solutti.com.br
Mon Apr 23 21:15:10 BST 2018
I'm running dnsmasq with ipset support in some VERY low memory
machines (those all-in-one boards), and RAM is really my main concern
here. I'm actually using some 'ipset' rules on dnsmasq.conf to have some
domains IPs on an ipset list and, thus, being able to allow/deny them
with iptables.
Some of the sets are REALLY large (10k+ entries).
I was thinking on having a dnsmasq option for, instead of adding
the full IP to the set, adding its /24 network for example (simple
stripping last digit and adding '.0/24'). In that case, the sets would
be significantly smaller. I know with this i'll pottentially allowing
traffic i'm not looking for, by assuming th domain holds the entire /24
network. But i'm really concerned with RAM usage, and i'm willing to
have that risk.
Would it be hard to implement something like that in dnsmasq ?
Would this be useful for any one else ?
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes at solutti.com.br
My SPAMTRAP, do not email it
More information about the Dnsmasq-discuss
mailing list