Feature changed by: Jan Engelhardt (jengelh) Feature #308441, revision 9 Title: Include the xtables-addons package Package Wishlist: Unconfirmed Priority Requester: Desirable Info Provider: Jan Engelhardt (jengelh) Requested by: Don Hughes (dehughes) Description: The distribution currently contains the -j SET target and the -m set extension module for iptables, but not the ipset module needed to create and populate the referenced tables. The ipset module is provided with the xtables-addons package (plus some additional filtering tools). The ipset module ( http://ipset.netfilter.org ) can be very useful in building firewalls for large networks. Creating a firewall black list with just iptables could entail a filter table with a very large number of entries which can have a significant performance impact. ipset can be used to build much more eficient lookup tables, improving performance. (Description modified based on comment #1) Discussion: #1: Jan Engelhardt (jengelh) (2009-12-05 13:23:58) Reword this request: include "xtables-addons" (contains ipset already, and no kernel recompile is needed). SRPM is in http://jftp.medozas.de/. #2: Petr Uzel (puzel) (2009-12-30 12:44:06) (reply to #1) What's the advantage of xtables-addons over official ipset from netfilter team? I don't get the point with kernel recompilation. #3: Jan Engelhardt (jengelh) (2009-12-30 14:16:56) (reply to #2) Xtables-addons is the consensual successor to pom-ng, so decided on the Netfilter Workshop 2008. It's just that... the netfilter.org webpage does not get updated. For all inofficiality that it may still retain, it does ship the official ipset including the extensions that once lived in pom-ng (now well-maintained in Xt-a) in a single package. IOW, build Xt-a, get ipset for free. Re recompilation: xtables-addons is a KMP, while pom-ng was/is not. #4: Petr Uzel (puzel) (2009-12-30 14:57:59) (reply to #3) Thanks for clarification, Jan. Since you are the expert in this area and openSUSE Factory is open, could you please take care of xtables-addons inclusion into openSUSE? + #5: Jan Engelhardt (jengelh) (2009-12-31 16:48:22) (reply to #4) + Please create new packages so that I can SR into them, or direct-import + them from + home:jengelh:network:utilities/xtables-addons + home:jengelh:network:utilities/xtables-geoip + (Do not mind that they are in network:utilities/. I think that is the + wrong place, but I happened to put it there randomly for a start.) -- openSUSE Feature: https://features.opensuse.org/308441