On Friday 18 October 2002 5:22 pm, Chris Len wrote:

> Is there any way to accomplish something like the following?
> iptables -t filter -A INPUT -s (!192.168.0.2 || !192.168.0.3) -j DROP

Er, yes...

    iptables -t filter -A INPUT -j DROP

:-)

Your request says "If the source address is not .2, or is not .3, then drop". All addresses are "not .2" except for .2, and that is "not .3" therefore all addresses match :-)

If, however (as I suspect) you meant to ask "if the address is not .2 and is not .3, then drop", try something like this:

    iptables -N mychain
    iptables -A INPUT -j mychain
    iptables -A mychain -s 192.168.0.2 -j RETURN
    iptables -A mychain -s 192.168.0.3 -j RETURN
    iptables -A mychain -j DROP

This creates a user-defined chain called mychain, the INPUT chain calls the user-defined chain, where packets with source address 192.168.0.2 return to the INPUT chain and continue processing, as do packets with source address 192.168.0.3, all other packets get DROPped.

Antony.

-- 
You can spend the whole of your life trying to be popular, but at the end of the day the size of the crowd at your funeral will be largely dictated by the weather.
 - Frank Skinner
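
The rule set from the reply above, walked through in a small Python model of chain traversal; this is an added example, not part of the original message and not iptables code. It assumes the INPUT chain holds only the jump to mychain and has a default policy of ACCEPT, and the sample source addresses are constructed.

```python
import ipaddress

# Constructed model of the rules in the reply: (source match or None, target).
CHAINS = {
    "INPUT": [(None, "mychain")],
    "mychain": [
        ("192.168.0.2", "RETURN"),
        ("192.168.0.3", "RETURN"),
        (None, "DROP"),
    ],
}
POLICY = {"INPUT": "ACCEPT"}  # assumption: built-in chain policy is ACCEPT


def walk(chain, src):
    """First-match traversal. Returns ACCEPT/DROP, or None when the chain
    hits RETURN or runs off its end (control goes back to the caller)."""
    addr = ipaddress.ip_address(src)
    for match, target in CHAINS[chain]:
        if match is not None and addr not in ipaddress.ip_network(match):
            continue                      # rule does not match, try the next
        if target in ("ACCEPT", "DROP"):
            return target                 # terminating target
        if target == "RETURN":
            return None                   # resume in the calling chain
        verdict = walk(target, src)       # jump into a user-defined chain
        if verdict is not None:
            return verdict
    return None


def verdict(src):
    """Final decision for a packet entering INPUT from source `src`."""
    return walk("INPUT", src) or POLICY["INPUT"]


def or_of_negations(src):
    """The condition as originally asked: not .2 OR not .3."""
    return src != "192.168.0.2" or src != "192.168.0.3"


def and_of_negations(src):
    """The condition that was meant: not .2 AND not .3."""
    return src != "192.168.0.2" and src != "192.168.0.3"


SAMPLES = ["192.168.0.2", "192.168.0.3", "192.168.0.4", "10.0.0.1"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:12} OR-match={or_of_negations(s)!s:5} "
              f"AND-match={and_of_negations(s)!s:5} chain={verdict(s)}")
```

The OR column is true for every address, which is why the single unconditional DROP rule is equivalent to the original request, while the chain verdict is DROP exactly where the AND column is true.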