Amiq Nahas <m992493@xxxxxxxxx> wrote:
> Hi Guys,
>
> Currently only a single ip-address can be specified with these options
> in conntrack module:
> --ctorigsrc address[/mask]
> --ctorigdst address[/mask]
> --ctreplsrc address[/mask]
> --ctrepldst address[/mask]
>
> I would like to add a new feature into iptables so that multiple
> ip-addresses can be specified at once. I am thinking this can be done
> using ipset.
>
> Please share your thoughts on how this can be implemented.

This can be done with nftables.

I don't think it's worth it to spend time on this in iptables world.
You would also need to copy-paste reimplement the match again if you want
to combine it with e.g. network interface.
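
The nftables approach mentioned in the reply, sketched as an added example that is not part of the original thread: named sets take the place of the single address in each of the four conntrack options, and the same rule can also match on the interface. The table, set and interface names and all addresses (documentation ranges) are constructed for illustration.

```nft
# Added example ruleset; names and addresses are assumptions, not from the thread.
table inet ct_set_demo {
    # Multiple addresses/prefixes for the conntrack original-direction source
    # (the role of --ctorigsrc, but with a set instead of one address).
    set orig_src4 {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24, 198.51.100.7, 198.51.100.20-198.51.100.30 }
    }

    # Original-direction destinations (the role of --ctorigdst).
    set orig_dst4 {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.10, 203.0.113.128/25 }
    }

    # Reply-direction sources; these differ from orig_dst4 when DNAT is in use
    # (the role of --ctreplsrc).
    set repl_src4 {
        type ipv4_addr
        elements = { 192.0.2.53, 192.0.2.80 }
    }

    # Reply-direction destinations (the role of --ctrepldst).
    set repl_dst4 {
        type ipv4_addr
        elements = { 198.51.100.1 }
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Set lookup combined with an interface match in one rule.
        iifname "eth0" ct original ip saddr @orig_src4 counter drop

        # Both original-direction endpoints checked against sets.
        ct original ip saddr @orig_src4 ct original ip daddr @orig_dst4 counter accept

        # Reply-direction tuple matches.
        ct reply ip saddr @repl_src4 counter accept
        oifname "eth1" ct reply ip daddr @repl_dst4 counter drop
    }
}
```

The file can be syntax-checked without applying it using `nft -c -f <file>`, and set members can be changed at runtime with `nft add element` / `nft delete element` without reloading the rules.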