Bug 198158 - stabilize net-firewall/ipset-2.2.9.20070401
Summary: stabilize net-firewall/ipset-2.2.9.20070401
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Unspecified
Hardware: All Linux
Importance: High normal
Assignee: Peter Volkov (RETIRED)
URL:
Whiteboard:
Keywords: STABLEREQ
Depends on:
Blocks: kernel-2.6.22 kernel-2.6.23
Reported: 2007-11-05 13:10 UTC by Peter Volkov (RETIRED)
Modified: 2007-11-10 13:44 UTC

See Also:
Package list:
Runtime testing required: ---
Description Peter Volkov (RETIRED) gentoo-dev 2007-11-05 13:10:36 UTC
x86 team, please stabilize net-firewall/ipset-ipset-2.2.9.20070401. The current stable version does not compile with the recent stable kernels...

Quick instructions on how to merge it:
1. Download & unpack patch-o-matic with the set target
# cd /usr/src
# wget http://ipset.netfilter.org/patch-o-matic-ng-20071021.tar.bz2
# tar -jxvf patch-o-matic-ng-20071021.tar.bz2

2. Unpack iptables; it's necessary to apply patch-o-matic
# tar -jxvf /usr/portage/distfiles/iptables-1.3.8.tar.bz2

3. Patch kernel to support SET target
# KERNEL_DIR=/usr/src/linux IPTABLES_DIR=/usr/src/iptables-1.3.8 patch-o-matic-ng/runme set

4. Now enable SET target support in the kernel configuration (I suggest as a module to avoid restarting the computer) and emerge ipset. Although runme tells you that iptables are successfully patched 1.3.8-r1, do not believe it. It did not touch the iptables sources.

5. Now create a set and add IPs to it:
# ipset -N new-set ipmap --network 192.168.0.0/16
# ipset -A new-set 192.168.1.1
# iptables -A FORWARD -m set --set new-set src -j ACCEPT

The last iptables rule should match IPs added with ipset -A ... So if you use -j DROP, then packets will be dropped from the FORWARD chain.

Note: you should compile iptables with the "extensions" USE flag enabled.

Thank you.
Comment 1 Christian Faulhammer (RETIRED) gentoo-dev 2007-11-10 13:44:14 UTC
x86 stable