IPSET-NG FAQ

This FAQ answers basic questions about the IPSET-NG software package.
If you have a question, you can ask it using the online question form.

There are known problems when building the Lockless memory allocator library on different platforms. To avoid them, disable its use when building the package with the command: make LLALLOC=NO <name of package>

P.S. For solutions to building this library on your platform, see the manufacturer's website.

2014/01/01

The optimal cache size for the mail filter depends on the load on your mail server and the mail traffic it receives.

When choosing the cache size, you can start from the following value: a 1 MGb cache can contain about 50,000 IP addresses.

2014/01/01

This is possible; it is solved by setting an individual mouse polling delay. Use the -t or --tmouse=xxx option when you run from the command line. The default value is 150 milliseconds; try increasing this value, for example --tmouse=180 or --tmouse=200.

2014/01/01

It is possible to define the iptables rules in advance, for example:


    iptables -N DESTDROP
    iptables -A INPUT -p tcp -d 1.2.3.4 --dport 80 -j DESTDROP
    iptables -A INPUT -p tcp -d 1.2.3.4 --dport 443 -j DESTDROP

    # in ipsetd-ng configuration:
    iptenable = yes
    iptchain = DESTDROP
    ipttable = filter
    iptrule =  DROP
    iptmethod = append


2014/01/01

Most likely you have created a table in ipset without timeout support. As a result, addresses with a lifetime (timeout) parameter cannot be added to this table. This is what is written on this topic in the manual:

    ipset v6.21.1: Timeout cannot be used: set was created without timeout support..

Do not use an IP timeout when the set was created without timeout support!

Example of creating an ipset table with lifetime (timeout) support:


    # timeout is given in seconds
    # blocking for one hour: timeout = (minutes * 60)
    # blocking for one day: timeout = ((hours * 60) * 60)
    # blocking for one month: timeout = (((24 * 60) * 60) * days in month)

    ipset -N table_name hash:ip family inet hashsize 1024 maxelem 65536 timeout 3600



If the table is created with the timeout parameter, an arbitrary timeout can be assigned to each IP address.
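The check described above can be scripted before any address is added. The following is an added example, not code from IPSET-NG: the function names and both sample listings are constructed, and it assumes the `Header:` line that `ipset list -t` prints for a set.

```shell
#!/bin/sh
# Constructed, abbreviated samples of `ipset list -t` output for two sets.
SAMPLE_WITH='Name: table_name
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
References: 1'
SAMPLE_WITHOUT='Name: legacy_table
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536
References: 1'

# Convert a lifetime such as 90, 90s, 30m, 1h or 1d into seconds.
# Returns non-zero on anything else (hypothetical helper).
to_seconds() {
    n=${1%[smhd]}
    case $n in ''|*[!0-9]*|0?*) return 1 ;; esac
    case $1 in
        *m) echo $((n * 60)) ;;
        *h) echo $((n * 60 * 60)) ;;
        *d) echo $((n * 24 * 60 * 60)) ;;
        *)  echo "$n" ;;
    esac
}

# Succeeds if the listing text in $1 shows a timeout field on its Header line,
# i.e. the set was created with timeout support.
has_timeout() {
    printf '%s\n' "$1" | grep -Eq '^Header:.*[[:space:]]timeout[[:space:]]+[0-9]+'
}

# Print the ipset command for set $1, address $2, lifetime $3, given the
# set's listing text in $4. Nothing is executed, so no root is needed.
add_cmd() {
    secs=$(to_seconds "$3") || { echo "bad lifetime: $3" >&2; return 2; }
    if has_timeout "$4"; then
        echo "ipset add $1 $2 timeout $secs"
    else
        # Passing "timeout" to this set would fail with the error quoted above.
        echo "set $1 has no timeout support; recreate it with 'timeout'" >&2
        return 1
    fi
}

# Demo on the constructed samples (192.0.2.10 is a documentation address).
add_cmd table_name 192.0.2.10 1h "$SAMPLE_WITH"
add_cmd legacy_table 192.0.2.10 1h "$SAMPLE_WITHOUT" || true
```

On a live system, pass the real listing as the fourth argument, for example the output of `ipset list -t table_name`.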

2014/01/01

Try rebuilding the OpenSSL library; this behavior when running under valgrind is characteristic of OpenSSL built without the -DPURIFY flag.
Edit the Makefile in the OpenSSL library directory and add -DPURIFY to the CFLAGS variable, then run make and make install. The IPSET-NG package also has to be rebuilt against the updated library.

2014/01/01

Go to the Bug Tracker and submit bug reports or patches there. Bug Tracker is not for support questions of any kind! If you have a support question, please use the forums, mailing lists or IRC instead. Support questions on Flyspray will get closed without any further comment.

Also, please search Bug Tracker before adding a task -- duplicates are really annoying and only crowd the tracker, decreasing its use and taking valuable developer time to clean up.

This time is better spent on coding, adding requested features and fixing bugs.

2015/08/01

Closing duplicate tasks

When you close a task for being a duplicate, write in the comment which task it is a duplicate of, as BT#xxx. The closed task will then be marked as a duplicate of the original.

2015/08/01

Not necessarily, but if you register, you will get access to many additional features:

* Advanced search features store (though easy to use)
* Voting for tasks
* Filter and export of tasks as CSV
* Email address & Jabber ID notifications
* and more

You have to register with Bug Tracker before you can submit anything. Make sure you read the Bug Tracker How-To before filing any tasks.

If you want to change your password for access to the Bug Tracker, use this link.

Bug Tracker users are split into groups with different permissions. When you first register (or reset your password), you are put in the "Reporters" group, which is allowed to write new tasks and comment on existing ones. If you are a developer and are not listed in the "Developers" group, you will have to be moved there. Send a message via the Feedback form to have this fixed.

2015/08/01

If you want to receive all new submissions and changes by mail, subscribe to the messages in Bug Tracker. If you do not want to be notified, you can disable personal notifications in your Bug Tracker profile.

* Notifications are by default not sent to the user making the change. The user already knows what action they made, so Bug Tracker doesn't fill their inbox with information they already know. This behavior can be changed by the user on his profile page.

2015/08/01
