Hello,
Pablo Sanchez wrote:
For example, I would like to have a rule with -s !127.0.0.1 OR
!172.16.0.0/24
I believe you can't. What I've done is simply create several rules with the
predicate slightly different in each to accomplish an OR. If you'd like to
make it obvious, you can create a new chain and place your different rules
there.
I think that using a user-defined chain is not only a matter of
obviousness; in some cases the result may be different from using two
separate rules. For example:
iptables -A INPUT -s 127.0.0.1 -m limit -j ACCEPT
iptables -A INPUT -s 172.16.0.0/24 -m limit -j ACCEPT
and:
iptables -A INPUT -s 127.0.0.1 -j user_chain
iptables -A INPUT -s 172.16.0.0/24 -j user_chain
iptables -A user_chain -m limit -j ACCEPT
behave differently because, if I understand correctly, each 'limit'
match has its own counters and timers. Am I right?