Hi,

the example in chapter 10.3 [1] seems to be a very handy thing, but I couldn't reproduce it (testing it on the output chain). I'm using v1.4.3.1/2.6.29.6; does this require v1.4.4/2.6.30?

[1] http://jengelh.medozas.de/documents/Perfect_Ruleset.pdf
(btw: thanks for this wonderful paper)

iptables -A OUTPUT -d 10.10.97.1/255.255.255.253 -m iprange --dst-range 10.10.97.1-10.10.97.7 -j REJECT

This should match on 10.10.97.1,3,5,7 but matches only 1 and 3.

iptables -A OUTPUT -m iprange --dst-range 10.10.97.1-10.10.97.7 -j LOG --log-prefix "SKIPPED: "

nmap -sP 10.10.97.1-7

log:
SKIPPED: ... DST=10.10.97.2
SKIPPED: ... DST=10.10.97.4
SKIPPED: ... DST=10.10.97.7 <--
SKIPPED: ... DST=10.10.97.5 <--
SKIPPED: ... DST=10.10.97.6

Best regards,
Christoph A.
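An added example (not part of the original post or of the referenced paper) that evaluates the address/mask test used by `-d`, `(addr & mask) == (base & mask)`, over the `--dst-range` from the post. The mask 255.255.255.249 is a constructed comparison value that does not appear in the post; the function names are hypothetical.

```python
import ipaddress


def _to_int(addr):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def free_bits(mask):
    """Bit positions (0 = least significant) that the mask leaves unchecked."""
    m = _to_int(mask)
    return [bit for bit in range(32) if not (m >> bit) & 1]


def mask_match(addr, base, mask):
    """The -d address/mask comparison: every bit set in the mask must agree."""
    m = _to_int(mask)
    return (_to_int(addr) & m) == (_to_int(base) & m)


def matched_in_range(base, mask, first, last):
    """Addresses in [first, last] (the iprange part) that also pass the mask test."""
    hits = []
    for n in range(_to_int(first), _to_int(last) + 1):
        addr = str(ipaddress.IPv4Address(n))
        if mask_match(addr, base, mask):
            hits.append(addr)
    return hits


if __name__ == "__main__":
    base, first, last = "10.10.97.1", "10.10.97.1", "10.10.97.7"
    # 255.255.255.253 is the mask from the post; .249 is a constructed comparison.
    for mask in ("255.255.255.253", "255.255.255.249"):
        print(mask, "free bits:", free_bits(mask))
        for addr in matched_in_range(base, mask, first, last):
            print("   REJECT", addr)
```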