On Wed, 2003-08-27 at 16:44, Masiero Giorgio, PD wrote:
> Hi, my name is Giorgio,
> I'm trying to translate our Checkpoint FW-1 ruleset into Iptables.
> I do not know iptables well so I really need a suggestion to plan my future efforts.
> The problem is this:
> Is it possible to use objects like Checkpoint Groups (that is, a set of hosts and/or networks) in an Iptables rule?
>
> It seems to me that iptables accepts source/destination that are only one host/network.
>

You can use the ippool feature to match several hosts using one rule. ippool is in patch-o-matic. Go to the netfilter homepage and read up on applying patch-o-matic and ippool.

Cheers,

Ralf
--
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org