Feature changed by: Don Hughes (dehughes) Feature #308441, revision 4 Title: Include the xtables-addons package Package Wishlist: Unconfirmed Priority Requester: Desirable Requested by: Don Hughes (dehughes) Description: - Compile RT kernel with the ip_set netfilter option, and include the - ipset module in the distribution. + The distribution currently contains the -j SET target and the -m set + extension module for iptables, but not the ipset module needed to + create and populate the referenced tables. + The ipset module is provided with the xtables-addons package (plus some + additional filtering tools). The ipset module ( http://ipset.netfilter.org ) can be very useful in - building firewalls for large networks. It needs the ip_set kernel - module. - Creating a firewall black list with just iptables could entail a filter - table with a very large number of entries which can have a significant - performance impact. ipset can be used to build much more eficient - lookup tables, improving performance. + building firewalls for large networks. Creating a firewall black list + with just iptables could entail a filter table with a very large number + of entries which can have a significant performance impact. ipset can + be used to build much more eficient lookup tables, improving + performance. + + (Description modified based on comment #1) Discussion: #1: Jan Engelhardt (jengelh) (2009-12-05 13:23:58) Reword this request: include "xtables-addons" (contains ipset already, and no kernel recompile is needed). SRPM is in http://jftp.medozas.de/. -- openSUSE Feature: https://features.opensuse.org/308441