Re: How to combine a few addresses?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

--- Martijn Lievaart <m@xxxxxxx> wrote:

> Vitaly wrote:
> > How I can combine a few addresses in one rule? For
> > example, I'd like to add two IPs 10.10.10.1 and
> > 10.10.10.2 to the same rule.
> >
> >   
> 
> Either use ipset (needs a patched kernel), or
> iprange (if the addresses 
> are consecutive) or use a subchain, e.g:
> 
> -A -s 10.10.10.1 -j CUSTOM
> -A -s 10.10.10.2 -j CUSTOM
> -N CUSTOM
> -A CUSTOM <rest of rule>
> 
Thank you!
Subchains seem to be OK for my needs. But will
subchains work in case when I need to *exclude* some
IPs?

For example, can I add 10.10.10.2 to this rule using
subchain?

iptables -I INPUT -p tcp --dport 80  ! -s 10.10.10.1  
-m state --state NEW -m recent --set



       
____________________________________________________________________________________
Pinpoint customers who are looking for what you sell. 
http://searchmarketing.yahoo.com/
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux