how to allow multiple -d flags?

How can I specify a SNAT rule to exclude multiple destination networks?

 

 

/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 172.28.22.0/255.255.255.0 -d ! 172.0.0.0/8 -j SNAT --to-source 64.243.144.209

/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 172.28.22.0/255.255.255.0 -d ! 10.0.0.0/8 -j SNAT --to-source 64.243.144.209

 

Is there a way to do something like

 

/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 172.28.22.0/255.255.255.0 -d ! 172.0.0.0/8,10.0.0.0/8,192.168.0.0/16 -j SNAT --to-source 64.243.144.209

 

I've tried spaces between the networks, commas, semicolons, nada.

 

Thanks,

Michael Brown, CISSP

InterCept

Corporate Security Analyst

O: 770.840.3918

C: 404.483.1394

2-Way: michael_brown@xxxxxxxxxxxxxx


Director of Communications

Metro Atlanta ISSA - www.gaissa.org
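
Added example, not part of the original post: a small Python model of first-match rule evaluation, applied to the two negated rules quoted above and to an exemption-first ordering. It assumes the `-o eth0` and `-s` matches already hold, and the use of `-j ACCEPT` in nat POSTROUTING to skip translation is this example's choice, not something the post proposes; the sample destination addresses are constructed.

```python
import ipaddress

EXEMPT = ["172.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16"]  # -d list from the post
SNAT_TO = "64.243.144.209"                                # --to-source from the post

def rule(target, dst=None, negate=False):
    """One POSTROUTING rule: optional -d match (possibly negated) and a target."""
    return {"dst": ipaddress.ip_network(dst) if dst else None,
            "negate": negate, "target": target}

def verdict(rules, dst_ip):
    """First matching rule wins, as in an iptables chain; no match means no NAT."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        # A rule without -d matches everything; "!" inverts the network test.
        hit = True if r["dst"] is None else (ip in r["dst"]) != r["negate"]
        if hit:
            return r["target"]
    return "ACCEPT"

# The two rules as posted: each one negates a single network, so a packet
# excluded by one rule is still matched by the other.
posted = [rule("SNAT", "172.0.0.0/8", negate=True),
          rule("SNAT", "10.0.0.0/8", negate=True)]

# Exemptions first (ACCEPT ends nat traversal, so no translation), SNAT last.
exempt_first = [rule("ACCEPT", n) for n in EXEMPT] + [rule("SNAT")]

def commands():
    """Render exempt_first as iptables commands using the post's values."""
    base = "/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 172.28.22.0/255.255.255.0"
    cmds = [f"{base} -d {n} -j ACCEPT" for n in EXEMPT]
    return cmds + [f"{base} -j SNAT --to-source {SNAT_TO}"]

if __name__ == "__main__":
    # Constructed sample destinations: three internal, one external.
    for dst in ("10.1.2.3", "172.16.0.9", "192.168.1.1", "8.8.8.8"):
        print(f"{dst:12} posted={verdict(posted, dst):7}"
              f" exempt_first={verdict(exempt_first, dst)}")
    print("\n".join(commands()))
```

In the model, the posted pair translates every destination, including the networks meant to be excluded, while the exemption-first ordering translates only traffic outside the three listed networks.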

 

