On Mon, 17 Oct 2005, Monty Ree wrote: > I know -mport and --src-range function at iptables. > But I have some rules like below. > > which same dst ip and port but source ip is not like below. > > iptables -A INPUT -p tcp -s 1.1.1.1 -d 10.10.10.10 --dport 25 -j ACCEPT > iptables -A INPUT -p tcp -s 20.20.1.1 -d 10.10.10.10 --dport 25 -j ACCEPT > iptables -A INPUT -p tcp -s 30.1.2.1 -d 10.10.10.10 --dport 25 -j ACCEPT > iptables -A INPUT -p tcp -s 40.11.3.10 -d 10.10.10.10 --dport 25 -j ACCEPT > iptables -A INPUT -p tcp -s 100.1.2.3 -d 10.10.10.10 --dport 25 -j ACCEPT > iptables -A INPUT -p tcp -s 211.3.4.5 -d 10.10.10.10 --dport 25 -j ACCEPT Use ipset: create a set (say 'smtp-clients') for all source addresses above and then you can use a single rule like this: iptables -A INPUT -d 10.10.10.10 -p tcp --dport 25 \ -m set --set smtp-clients src -j ACCEPT Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary
