From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <toke@toke.dk>
Received: from mail2.tohojo.dk (mail2.tohojo.dk [IPv6:2a01:4f8:200:3141::101])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by huchra.bufferbloat.net (Postfix) with ESMTPS id 466BD21F1C8
	for <cerowrt-devel@lists.bufferbloat.net>;
	Thu, 20 Mar 2014 03:28:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at example.com
Received: by alrua-x1.borgediget.toke.dk (Postfix, from userid 1000)
	id C11D11BBF6; Thu, 20 Mar 2014 11:28:38 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toke.dk; s=201310;
	t=1395311319; bh=8phHuUeFr6ZWcpz+J6HYuCznp1HV0HlcX1CI2xNi8jo=;
	h=From:To:Cc:Subject:References:Date:In-Reply-To;
	b=Ji+mx8DzmuiEs+V3r3vsBlEvG5ZVBpCwEzqN53uxE9TTdkpULknxQDtnZfx1dTSIO
	5Ov6STIldVuGdS63mJON5P//uA1MXLro8bEU433aCkNCk0ex9RfFjPB4NjDujFw2RL
	VCHKwki7O584f7MlONboil22VP6G+5DPRCLs20OY=
From: =?utf-8?Q?Toke_H=C3=B8iland-J=C3=B8rgensen?= <toke@toke.dk>
To: jow@openwrt.org
References: <87txataord.fsf@toke.dk>
	<CAA93jw5o4sqykTXmGa1OB1gtwVn83g13Gs9TQ1LRPKWn7r7gUA@mail.gmail.com>
	<532AB801.6050702@openwrt.org>
Date: Thu, 20 Mar 2014 11:28:36 +0100
In-Reply-To: <532AB801.6050702@openwrt.org> (jow@openwrt.org's message of
	"Thu, 20 Mar 2014 10:42:25 +0100")
Message-ID: <87lhw59naj.fsf@toke.dk>
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"
Cc: "cerowrt-devel@lists.bufferbloat.net" <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] BCP38 implementation
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Thu, 20 Mar 2014 10:28:48 -0000

--=-=-=
Content-Type: text/plain

jow@openwrt.org writes:

> You can trim down the ipset uci declaration a bit, it is possible to
> specify the direction of the set directly in the "option ipset" param,
> therfore you can get rid of the 2nd -ingress declaration.

Ah, neat. Is there an easy way to programmatically insert these rules
when the bcp38 logic is activated? Or is the easiest way to create the
iptables rules manually from the external script (which is run by an
include statement in the firewall rules)?

-Toke

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBCAAGBQJTKsLUAAoJEENeEGz1+utPqIYH/A09j9HUuXnsRLpr+ZF7d9qc
/0O+r682BL1XIvFXUG4R8XetvYuFo5J0sHA+1sS6erUoyrXpYxU4nxX9zUdZQmKX
y808PXIDfOEhJGpdS6xvHXrxcUV8yTfvOVu0NWDT+AUPH5fJYfxCIv/BS3ocTCQr
M51I+A4x9IAIhSKk4sNSf5U4GC+T0orGTHg3Ec/VvWrlcoyn9f1LDSiUHGdkSJml
Zu9NejvgCoyMpgipcpTPSq5OLgfVYAPoIKUV3KXwTB2rpSiAJ3NQRZWxK8r0MvvR
A9YDguat2s5drzF6S2HaUAwdhF/SIeUCJzfXd9ocP8n2z59GoyT3MeKYc6mYT58=
=OeQ7
-----END PGP SIGNATURE-----
--=-=-=--