> On Thu, September 28, 2006 14:22, Burak Ozgoren wrote:
> > I know about range, and mask but need a rule like for example:
> >
> > Accept port 22 connections from 192.168.0.5, 10.10.60.163, 212.12.X.X
> >
> > Now I am writing 3 different rules for these.
>
> You can't with iptables, but although I'm not familiar with it myself, I
> thought you could do (something like) this with ipset.
>
> http://ipset.netfilter.org/features.html
>
>
> Grts,
> Rob
>

I made a chain named ADMIN

-A ADMIN -s 192.168.0.5 -j ACCEPT
-A ADMIN -s 10.10.60.163 -j ACCEPT
-A ADMIN -s 212.12.X.X -j ACCEPT

And running that chain if my situation is ok.

-A INPUT -p tcp -m tcp -m multiport --dports 22,10000 -m state --state NEW -j ADMIN

I think I can group IPs in a chain, and run that group wherever needed.

Will look for the ipset.

Thank you very much.
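
Added example, not part of the original messages: a shell script that generates both forms discussed in the thread from one address list, the per-source ADMIN chain as iptables-restore input and the ipset equivalent as `ipset restore` input plus a single matching rule. The set name `admin`, the function names and the 203.0.113.0/24 stand-in for the elided 212.12.X.X are assumptions; the script only prints text and does not touch the running firewall.

```shell
# Constructed list: the two hosts from the thread plus a documentation range
# (203.0.113.0/24) standing in for the elided 212.12.X.X network.
ADMIN_SOURCES="192.168.0.5 10.10.60.163 203.0.113.0/24"
ADMIN_PORTS="22,10000"

# valid_source ADDR: dotted-quad IPv4 with an optional /0-32 prefix.
valid_source() {
    addr=${1%%/*}
    case $1 in */*) pfx=${1#*/} ;; *) pfx=32 ;; esac
    case $pfx in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Refuse to emit anything if one entry is malformed.
check_sources() {
    for s in $ADMIN_SOURCES; do
        valid_source "$s" || { echo "bad source: $s" >&2; return 1; }
    done
}

# The thread's approach as iptables-restore input: one -s rule per source.
# A source matching no rule returns from ADMIN to INPUT, so a later INPUT
# rule or the chain policy still has to reject it.
chain_rules() {
    check_sources || return 1
    echo "*filter"
    echo ":ADMIN - [0:0]"
    for s in $ADMIN_SOURCES; do echo "-A ADMIN -s $s -j ACCEPT"; done
    echo "-A INPUT -p tcp -m multiport --dports $ADMIN_PORTS -m state --state NEW -j ADMIN"
    echo "COMMIT"
}

# The ipset approach: set contents as `ipset restore` input ...
ipset_rules() {
    check_sources || return 1
    echo "create admin hash:net family inet"
    for s in $ADMIN_SOURCES; do echo "add admin $s"; done
}
# ... and the single INPUT rule that matches the whole set.
ipset_match_rule() {
    echo "-A INPUT -p tcp -m multiport --dports $ADMIN_PORTS -m state --state NEW -m set --match-set admin src -j ACCEPT"
}

chain_rules && ipset_rules && ipset_match_rule
```

The output of `chain_rules` can be piped to `iptables-restore --noflush` and that of `ipset_rules` to `ipset restore`; with the set in place, changing the admin list means editing the set rather than the rules.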