[Dnsmasq-discuss] feature request: ipset options
Eliezer Croitoru
eliezer at ngtech.co.il
Tue Apr 24 04:23:14 BST 2018
Hey Leondaro,
Can you share your setup details?
It's kind of interest me.
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-----Original Message-----
From: Dnsmasq-discuss <dnsmasq-discuss-bounces at lists.thekelleys.org.uk> On Behalf Of Leonardo Rodrigues
Sent: Monday, April 23, 2018 23:15
To: dnsmasq-discuss at lists.thekelleys.org.uk
Subject: [Dnsmasq-discuss] feature request: ipset options
I'm running dnsmasq with ipset support in some VERY low memory machines (those all-in-one boards), and RAM is really my main concern here. I'm actually using some 'ipset' rules on dnsmasq.conf to have some domains IPs on an ipset list and, thus, being able to allow/deny them with iptables.
Some of the sets are REALLY large (10k+ entries).
I was thinking on having a dnsmasq option for, instead of adding the full IP to the set, adding its /24 network for example (simple stripping last digit and adding '.0/24'). In that case, the sets would be significantly smaller. I know with this i'll pottentially allowing traffic i'm not looking for, by assuming th domain holds the entire /24 network. But i'm really concerned with RAM usage, and i'm willing to have that risk.
Would it be hard to implement something like that in dnsmasq ?
Would this be useful for any one else ?
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes at solutti.com.br
My SPAMTRAP, do not email it
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss at lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
More information about the Dnsmasq-discuss
mailing list