[Dnsmasq-discuss] feature request: ipset options

Leonardo Rodrigues leolistas at solutti.com.br
Thu Apr 26 20:20:04 BST 2018


     While I can't give you exact configurations, I can say it's a 
simple configuration on dnsmasq feeding some ipset sets based on domains 
(plain simple configuration) and those sets being used by iptables rules.

     While the set sizes simply don't matter when you have GBs of RAM, 
when trying to do that with 32 MB of RAM, things change a little. So 
that's why I'm trying to squeeze each KB of used memory by reducing 
the ipset set sizes by IP aggregation.


On 24/04/18 00:23, Eliezer Croitoru wrote:
> Hey Leonardo,
>
> Can you share your setup details?
> It kind of interests me.
>
>
> -----Original Message-----
> From: Dnsmasq-discuss <dnsmasq-discuss-bounces at lists.thekelleys.org.uk> On Behalf Of Leonardo Rodrigues
> Sent: Monday, April 23, 2018 23:15
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: [Dnsmasq-discuss] feature request: ipset options
>
>
>       I'm running dnsmasq with ipset support on some VERY low memory machines (those all-in-one boards), and RAM is really my main concern here. I'm actually using some 'ipset' rules in dnsmasq.conf to have some domains' IPs on an ipset list and, thus, being able to allow/deny them with iptables.
>
>       Some of the sets are REALLY large (10k+ entries).
>
>       I was thinking of having a dnsmasq option for, instead of adding the full IP to the set, adding its /24 network for example (simply stripping the last digit and adding '.0/24'). In that case, the sets would be significantly smaller. I know with this I'll potentially be allowing traffic I'm not looking for, by assuming the domain holds the entire /24 network. But I'm really concerned with RAM usage, and I'm willing to take that risk.
>
>       Would it be hard to implement something like that in dnsmasq?
> Would this be useful for anyone else?
>
>


-- 


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	My SPAMTRAP, do not email it
	gertrudes at solutti.com.br
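
The aggregation trade-off discussed in this thread, worked through as an added example (not code from the original messages or from dnsmasq). It collapses resolved addresses into their enclosing networks and counts how many never-resolved addresses the smaller set would admit; the sample addresses are constructed from documentation ranges, and the set name `allowed_nets` is a hypothetical `hash:net` set.

```python
import ipaddress

# Constructed sample: addresses a resolver might return for allowed domains
# (RFC 5737 documentation ranges, not real data).
SAMPLE_IPS = [
    "192.0.2.10", "192.0.2.11", "192.0.2.200",
    "198.51.100.7", "198.51.100.8",
    "203.0.113.54",
]


def aggregate(ips, prefix=24):
    """Map each IPv4 address to its enclosing /prefix network, deduplicated."""
    nets = set()
    for ip in ips:
        # strict=False masks the host bits: 192.0.2.10/24 -> 192.0.2.0/24
        nets.add(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
    return sorted(nets)


def overmatch(ips, nets):
    """Count addresses the aggregated set admits that were never resolved."""
    covered = sum(n.num_addresses for n in nets)
    return covered - len(set(ips))


def tradeoff(ips, prefixes=(32, 28, 24)):
    """Return (prefix, set entries, extra addresses admitted) per prefix."""
    rows = []
    for p in prefixes:
        nets = aggregate(ips, p)
        rows.append((p, len(nets), overmatch(ips, nets)))
    return rows


def ipset_commands(nets, set_name="allowed_nets"):
    """Render 'ipset add' lines; set_name is a hypothetical hash:net set."""
    return [f"ipset add {set_name} {n}" for n in nets]


if __name__ == "__main__":
    for prefix, entries, extra in tradeoff(SAMPLE_IPS):
        print(f"/{prefix}: {entries} entries, {extra} extra addresses admitted")
    print("\n".join(ipset_commands(aggregate(SAMPLE_IPS))))
```

Every extra address counted here is one the iptables rule will match even though no allowed domain ever resolved to it, which is the risk the request accepts in exchange for fewer set entries.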





