Ipset on dnsmasq doesn't work

Guys, I am trying to configure ipset in dnsmasq (on the ipset tab). I want to use it to get all the IPs of those domains and use them in the firewall; I already inserted a screenshot in this message. But the ipset name doesn't show up in the ipset list tab in the firewall, and after I checked with 'nft list ruleset' there are no elements with that name either. Dnsmasq version is 2.86.

Does ipset or nftset in OpenWrt 22.03.6 still have a bug? Or maybe I made a mistake along the way?

You have to replace the dnsmasq package with the dnsmasq-full package to get nftset support.

For clarity:
As OpenWrt has moved over to nftables as default, the Linux standard ipset is no longer supported and in fact "auto-population" of an ipset by Dnsmasq has been removed from the code and replaced by dnsmasq nftset auto-population instead.

Confusingly, OpenWrt now uses the terms "ipset" or "ip set" where it means nftset.

1 Like

Yes, you are correct. But sadly it's supported by dnsmasq starting from v2.87. I just read it on this page https://openwrt.org/docs/guide-user/firewall/filtering_traffic_at_ip_addresses_by_dns which is included in OpenWrt 23. I am trying to use script scheduling to populate it.

I hope that dnsmasq v2.87 will be able to be included in OpenWrt v22.03.6 soon. Or that OpenWrt v23.05 could have my wifi driver kmod-iwlegacy (or kmod-iwl3945) very soon.
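
One way to do the scheduled population mentioned in the post above on a build whose dnsmasq lacks nftset support (an added example, not part of the thread): it turns resolver output into a single nft batch, refusing to touch the set when resolution returned nothing usable. The table name `inet fw4`, the set name `demo_set`, the pre-existing `ipv4_addr` set and the sample addresses are assumptions.

```sh
#!/bin/sh
# Added example. Assumptions: the set lives in table "inet fw4" and already
# exists with type ipv4_addr; the set name and sample addresses are constructed.

# build_nft_batch SETNAME  (stdin: one candidate address per line)
# Prints an nft batch that replaces the set contents. Returns non-zero, printing
# nothing, if the name is unsafe or no valid IPv4 address was supplied, so a
# failed DNS lookup never empties the set.
build_nft_batch() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;   # refuse names that could inject nft syntax
    esac
    awk -v set="$1" '
        function valid(a,    n, o, i) {
            n = split(a, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        # keep each valid dotted quad once, in first-seen order
        valid($1) && !seen[$1]++ { list = list (list == "" ? "" : ", ") $1 }
        END {
            if (list == "") exit 1
            printf "flush set inet fw4 %s\n", set
            printf "add element inet fw4 %s { %s }\n", set, list
        }'
}

# Demo on constructed resolver output (documentation-range addresses).
printf '192.0.2.10\nnot-an-ip\n192.0.2.10\n198.51.100.7\n' | build_nft_batch demo_set

# On the router, feed it real resolver output and apply the batch in one
# transaction, e.g. from cron:
#   <your resolver command> | build_nft_batch demo_set | nft -f -
```

Because `nft -f` applies the flush and the add as one transaction, firewall rules never see the set empty mid-refresh; addresses that change between runs are still missed until the next run, which is the gap dnsmasq's own nftset population closes.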

Ah! Sorry, I missed that you are on that version.

As far as I am aware, OpenWrt 22.03.6 supports neither ipsets nor nftsets from LuCI and this will never be fixed as 22.03.x is approaching EOL with only security issues likely to be fixed.

You need to upgrade to 23.05.2.

The problem with v23.05.2 is that there is no kmod-iwlegacy or kmod-iwl3945, which is my wifi driver.

I would suggest you start a new thread about the missing kmod-iwl-legacy and kmod-iwl3945 packages in 23.05.2 as this is the fundamental problem that prevents you upgrading and getting your nftset support.

1 Like

OK, I will try it. Thanks.

1 Like