Feature changed by: Jan Engelhardt (jengelh) Feature #308441, revision 7 Title: Include the xtables-addons package Package Wishlist: Unconfirmed Priority Requester: Desirable Info Provider: Jan Engelhardt (jengelh) Requested by: Don Hughes (dehughes) Description: The distribution currently contains the -j SET target and the -m set extension module for iptables, but not the ipset module needed to create and populate the referenced tables. The ipset module is provided with the xtables-addons package (plus some additional filtering tools). The ipset module ( http://ipset.netfilter.org ) can be very useful in building firewalls for large networks. Creating a firewall black list with just iptables could entail a filter table with a very large number of entries which can have a significant performance impact. ipset can be used to build much more eficient lookup tables, improving performance. (Description modified based on comment #1) Discussion: #1: Jan Engelhardt (jengelh) (2009-12-05 13:23:58) Reword this request: include "xtables-addons" (contains ipset already, and no kernel recompile is needed). SRPM is in http://jftp.medozas.de/. #2: Petr Uzel (puzel) (2009-12-30 12:44:06) (reply to #1) What's the advantage of xtables-addons over official ipset from netfilter team? I don't get the point with kernel recompilation. + #3: Jan Engelhardt (jengelh) (2009-12-30 14:16:56) (reply to #2) + Xtables-addons is the consensual successor to pom-ng, so decided on the + Netfilter Workshop 2008. It's just that... the netfilter.org webpage + does not get updated. For all inofficiality that it may still retain, + it does ship the official ipset including the extensions that once + lived in pom-ng (now well-maintained in Xt-a) in a single package. IOW, + build Xt-a, get ipset for free. + Re recompilation: xtables-addons is a KMP, while pom-ng was/is not. -- openSUSE Feature: https://features.opensuse.org/308441