Hi Rob,

On Tue, 19 Jul 2005, Rob Carlson wrote:

> iptables -A testset -m set --set testset src -j LTREJECT
> iptables -I FORWARD 2 -i eth1 -j testset
> iptables -I INPUT 2 -i eth1 -j testset
>
> This works fine for blocking all traffic. However
> since I now want specifically to only drop port 22
> and port 25 entries (that is most of the nuisance
> traffic) and allow port 80 for example, I did the
> following:
>
> ipset -N ports portmap --from 1 --to 1024
> ipset -A ports 22
> ipset -A ports 25
> ipset -B testset :default: -b ports

You missed replacing the iptables command above with the one which
instructs the SET target to follow bindings. What you need is

    iptables -A testset -m set --set testset src,dst -j LTREJECT

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
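
Added example, not part of the original e-mail and not ipset code: a small Python model of why `src` alone rejects everything from a listed host while `src,dst` follows the `:default:` binding to the `ports` set. It assumes `testset` holds IP addresses, covers only the default binding, and uses a constructed address and packet fields.

```python
"""Toy model of the set match with bindings (illustration only, not ipset code)."""

# Constructed state mirroring the commands quoted in the thread.
SETS = {
    "testset": {"type": "ip", "members": {"192.0.2.10"}},  # constructed address
    "ports": {"type": "port", "members": {22, 25}},        # ipset -A ports 22 / 25
}
# ipset -B testset :default: -b ports
DEFAULT_BINDING = {"testset": "ports"}


def _field(set_type, flag, pkt):
    """Pick the packet field a set of this type tests for a src/dst flag."""
    kind = "ip" if set_type == "ip" else "port"
    return pkt[f"{flag}_{kind}"]


def set_match(set_name, flags, pkt):
    """Model of `-m set --set <set_name> <flags>` for one packet.

    Each flag is tested against the current set. A further flag is tested
    against the set reached through the default binding, so a binding is
    only followed when there are flags left to consume.
    """
    current = set_name
    for i, flag in enumerate(flags):
        s = SETS[current]
        if _field(s["type"], flag, pkt) not in s["members"]:
            return False
        if i + 1 == len(flags):
            break                      # no flags left: binding is not followed
        bound = DEFAULT_BINDING.get(current)
        if bound is None:
            break                      # assumption: no binding, earlier match stands
        current = bound
    return True


def packet(src_ip, dst_port):
    """Build a constructed packet record for the model."""
    return {"src_ip": src_ip, "src_port": 40000,
            "dst_ip": "198.51.100.1", "dst_port": dst_port}
```
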