On Thursday 2009-04-09 19:24, Michael Granzow wrote:

>It seems iptables (and ip6tables) can only process one IP address at a
>time which makes blocking many IP addresses a rather slow process.

Use iptables-restore ;-)

>commit 377b05e967bc0623364089f2d57018ab2604ea95
>Author: Michael Granzow <mgranzow@xxxxxxxx>
>Date: Thu Apr 9 16:38:09 2009 +0100
>
>    Allow multiple IPs on the command-line for iptables/ip6tables.
>
>    With this patch, you can process more than one IP address with a single
>    invocation of iptables, for instance:
>
>    # ip6tables -A INPUT -s 2001:db8::a,2001:db8::b,2001:db8::c -j DROP
>    # ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP
>    # ip6tables -D INPUT -s 2001:db8::a,2001:db8::d -j DROP

I cleaned this patch now and queued it. You may re-inspect or test
it, grabbable from:

git://dev.medozas.de/iptables master (commit 91c9e31)
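
The `iptables-restore` route suggested in the reply above, as an added example that is not part of the original message or the iptables project's code: a blocklist is turned into one restore batch so all DROP rules load in a single commit instead of one `ip6tables` invocation per address. The function names, the `blocklist.txt` file name and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. gen_drop_batch and sample_list
# are hypothetical names; the addresses are constructed (2001:db8::/32).

# gen_drop_batch CHAIN: read one IPv6 address (optional /prefix) per line on
# stdin and write ip6tables-restore input that drops each source address.
# '#' comments and blank lines are skipped, duplicates are dropped, and any
# entry with characters outside hex digits, ':' and '/' is rejected so a
# malformed list cannot smuggle extra rule text into the batch.
gen_drop_batch() {
    chain=$1
    seen=" "
    echo "*filter"
    while IFS= read -r addr || [ -n "$addr" ]; do
        addr=${addr%%#*}
        addr=$(printf '%s' "$addr" | tr -d ' \t\r')
        if [ -z "$addr" ]; then continue; fi
        case $addr in
            *[!0-9A-Fa-f:/]*|*/*/*) echo "rejected: $addr" >&2; continue ;;
            *:*) ;;
            *) echo "rejected: $addr" >&2; continue ;;
        esac
        case $seen in *" $addr "*) continue ;; esac
        seen="$seen$addr "
        echo "-A $chain -s $addr -j DROP"
    done
    echo "COMMIT"
}

# Constructed sample list; the last entry is deliberately malformed.
sample_list() {
    cat <<'EOF'
2001:db8::a
2001:db8::b   # comment after the address
2001:db8::a
2001:db8::c/64
2001:db8::d -j ACCEPT
EOF
}

# Print the batch. To load it in one commit while keeping existing rules:
#   gen_drop_batch INPUT < blocklist.txt | ip6tables-restore --noflush
# (--noflush matters: without it the restore replaces the table's contents.)
sample_list | gen_drop_batch INPUT
```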