From 24b35d0b8950407ce85eefef18576d54f1e2c20e Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Fri, 13 Jan 2012 22:52:44 +0100 Subject: Exceptions support added to hash:*net* types The "nomatch" keyword and option is added to the hash:*net* types, by which one can add exception entries to sets. Example: ipset create test hash:net ipset add test 192.168.0/24 ipset add test 192.168.0/30 nomatch In this case the IP addresses from 192.168.0/24 except 192.168.0/30 match the elements of the set. --- include/libipset/data.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include/libipset/data.h') diff --git a/include/libipset/data.h b/include/libipset/data.h index 3ba6f0a..525cc6a 100644 --- a/include/libipset/data.h +++ b/include/libipset/data.h @@ -53,6 +53,7 @@ enum ipset_opt { IPSET_OPT_EXIST, IPSET_OPT_BEFORE, IPSET_OPT_PHYSDEV, + IPSET_OPT_NOMATCH, /* Internal options */ IPSET_OPT_FLAGS = 48, /* IPSET_FLAG_EXIST| */ IPSET_OPT_CADT_FLAGS, /* IPSET_FLAG_BEFORE| */ @@ -101,7 +102,8 @@ enum ipset_opt { | IPSET_FLAG(IPSET_OPT_IFACE) \ | IPSET_FLAG(IPSET_OPT_CADT_FLAGS)\ | IPSET_FLAG(IPSET_OPT_BEFORE) \ - | IPSET_FLAG(IPSET_OPT_PHYSDEV)) + | IPSET_FLAG(IPSET_OPT_PHYSDEV) \ + | IPSET_FLAG(IPSET_OPT_NOMATCH)) struct ipset_data; -- cgit v1.2.3