On Mon, 2004-04-19 at 12:02, Feizhou wrote:
> I don't know if such a question has been asked before and the archive
> didn't provide a search button...
>
> I have a whole bunch of ips/cidrs that I want to apply the rule to.
>
> Is there any way to insert one rule where the -s would be able to look
> up a table (btree/hash/cdb whatever) that contains those ips/cidrs
> instead of insert gazillion rules?
>

There's no built-in match for that. That's exactly why I wrote a match for this (back when we were hit by Code Red). I called it 'manyaddr', and it reads up to 15000 IP addresses (per rule) from a file. You can then match source or destination address against the addresses in the file.

If you aren't afraid of patching your kernel and iptables tree, running patch-o-matic and recompiling everything, this could be a good solution for you. Please mail me if you want to give manyaddr a try.

Greetings,
Torsten Lüttgert <t.luettgert at pressestimmen.de>
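The following is an added userspace illustration of the lookup that the thread is about: one rule consulting a table of IPs/CIDRs loaded from a file, and matching either the source or the destination address against it. It is constructed example code, not manyaddr's kernel code and not part of the original thread; the one-entry-per-line file format, the sample addresses and the `AddrTable`/`apply_rule` names are assumptions made for the example. The table is keyed by prefix length and checked longest prefix first, so the most specific entry wins, which is the general form of the lookup rather than the single case asked about.

```python
import ipaddress
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed sample "address file": one IPv4 address or CIDR per line,
# '#' starts a comment. The file format is an assumption for this example.
SAMPLE_ADDR_FILE = """\
# constructed sample data (RFC 5737 documentation ranges)
192.0.2.10
198.51.100.0/24
203.0.113.128/25
"""


class AddrTable:
    """Table of IPv4 networks grouped by prefix length for O(#prefixlens) lookup."""

    def __init__(self, lines: Iterable[str]) -> None:
        # prefix length -> set of network addresses as integers
        self.nets: Dict[int, Set[int]] = {}
        for raw in lines:
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            # strict=False normalises entries with host bits set (e.g. 10.0.0.5/24)
            net = ipaddress.ip_network(line, strict=False)
            if net.version != 4:
                raise ValueError(f"only IPv4 entries are supported: {line}")
            self.nets.setdefault(net.prefixlen, set()).add(int(net.network_address))
        # Longest prefix first, so the most specific entry is reported
        self.prefixlens: List[int] = sorted(self.nets, reverse=True)

    @staticmethod
    def _mask(prefixlen: int) -> int:
        return ((1 << 32) - 1) ^ ((1 << (32 - prefixlen)) - 1)

    def lookup(self, addr: str) -> Optional[str]:
        """Return the matching entry as 'network/prefixlen', or None."""
        ip = int(ipaddress.ip_address(addr))
        for plen in self.prefixlens:
            network = ip & self._mask(plen)
            if network in self.nets[plen]:
                return f"{ipaddress.ip_address(network)}/{plen}"
        return None

    def matches(self, addr: str) -> bool:
        return self.lookup(addr) is not None


def apply_rule(table: AddrTable, packets: Iterable[Tuple[str, str]],
               on: str = "src", verdict: str = "DROP") -> List[str]:
    """Apply one rule: if the chosen address (src or dst) is in the table,
    return `verdict`, otherwise ACCEPT. Mirrors '-s <table> -j DROP' style use."""
    if on not in ("src", "dst"):
        raise ValueError("on must be 'src' or 'dst'")
    results = []
    for src, dst in packets:
        key = src if on == "src" else dst
        results.append(verdict if table.matches(key) else "ACCEPT")
    return results


if __name__ == "__main__":
    table = AddrTable(SAMPLE_ADDR_FILE.splitlines())
    # Constructed sample packets as (source, destination) pairs
    packets = [("198.51.100.77", "10.0.0.1"), ("10.0.0.2", "203.0.113.200")]
    print("match on source:     ", apply_rule(table, packets, on="src"))
    print("match on destination:", apply_rule(table, packets, on="dst"))
```

Loading the table once and consulting it per packet is what replaces the "gazillion rules": the cost of a lookup grows with the number of distinct prefix lengths, not with the number of addresses in the file.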