
Monday, 2 July 2012

Transparent proxy: Preventing redirection for specific hosts

Recently, I used a self-written application (C#, .NET Framework 2.0) that calls a web service, and suddenly it no longer worked. The first attempt to call the service threw a network connection exception (the underlying connection was closed unexpectedly), the second one an HTTP exception (417 Expectation Failed). At first I thought something was wrong on the server, but after some googling I found out that the cause was my proxy (squid3), which runs as a transparent proxy on my home network. So my goal was to exclude the IP address of the server that runs the web service from the iptables rule that does the redirection. I had already excluded my LAN, and iptables would not let me exclude more than one IP address or subnet in that rule. So I had to dive into "ipset". The commands are quite simple:

# create the set "noproxy" (type iphash: one entry per single address)
ipset -N noproxy iphash
# my LAN: never redirected to the proxy
ipset -A noproxy 192.168.1.0/24
# the host that runs the web service
ipset -A noproxy 1.2.3.4
# redirect incoming port-80 traffic to squid, unless the destination is in the set
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m set ! --set noproxy dst -j REDIRECT --to-port 3128

"1.2.3.4" is just an example! You can replace it with any other IP address. Note that adding "192.168.1.0/24" effectively adds 256 hosts to the "noproxy" set! Unfortunately, an ipset set can hold only 65,536 entries, so if you add a /16 subnet, the set is already full. Another (rather small) issue with ipset is that you cannot destroy a set while it is in use, so you always have to delete the iptables rule that references it first. But the really great advantage of ipset is that you can add and remove hosts from a set at any time without touching the iptables chains. For example, if I want 192.168.1.6 to go through the transparent proxy again, I just run

ipset -D noproxy 192.168.1.6

and iptables does what I want. The command means: remove 192.168.1.6 from the set "noproxy".
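As an added example (not part of the original post), here is a small POSIX shell helper that checks whether a list of exceptions still fits into an iphash set, given the post's statement that a subnet expands to one entry per address, and prints the rebuild commands in the safe order (rule removed before the set is destroyed). It only prints commands; the names "noproxy", eth0 and port 3128 are the post's, and nothing is run against the kernel.

```shell
#!/bin/sh
# Dry-run helper for the "noproxy" exception set (hypothetical, added example).
# It never calls ipset/iptables itself; it checks capacity and prints commands.
# Keep this set small: every host in it bypasses squid completely, so none of
# its traffic is logged or filtered by the proxy.

IPHASH_MAX=65536     # entry limit of an iphash set, as stated in the post
SET_NAME=noproxy
PROXY_PORT=3128
RULE="PREROUTING -i eth0 -p tcp --dport 80 -m set ! --set $SET_NAME dst -j REDIRECT --to-port $PROXY_PORT"

# cidr_hosts 192.168.1.0/24 -> 256; a bare address counts as /32 -> 1
cidr_hosts() {
    case "$1" in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    [ "$prefix" -ge 0 ] && [ "$prefix" -le 32 ] || return 1
    echo $(( 1 << (32 - prefix) ))
}

# total_hosts "192.168.1.0/24 1.2.3.4" -> 257 (iphash stores each address separately)
total_hosts() {
    total=0
    for entry in $1; do
        n=$(cidr_hosts "$entry") || return 1
        total=$(( total + n ))
    done
    echo "$total"
}

# fits_iphash "<entries>" -> success only if the set would not exceed the limit
fits_iphash() {
    n=$(total_hosts "$1") || return 1
    [ "$n" -le "$IPHASH_MAX" ]
}

# emit_commands "<entries>": print the rebuild sequence in the order that works
emit_commands() {
    fits_iphash "$1" || { echo "refusing: $(total_hosts "$1") entries exceed $IPHASH_MAX" >&2; return 1; }
    echo "iptables -t nat -D $RULE"        # the rule must go before the set can be destroyed
    echo "ipset -X $SET_NAME"               # destroy the old set (old ipset syntax)
    echo "ipset -N $SET_NAME iphash"
    for entry in $1; do
        echo "ipset -A $SET_NAME $entry"
    done
    echo "iptables -t nat -A $RULE"         # re-add the redirect rule last
}
```

Run it as `. ./noproxy.sh; emit_commands "192.168.1.0/24 1.2.3.4"` to see the command list without applying it.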