-------- Original-Nachricht -------- > Datum: Sun, 05 Oct 2008 10:45:18 +0200 > Von: "Sebastian Seemann" <MisterSeaman@xxxxxx> > An: netfilter@xxxxxxxxxxxxxxx > Betreff: Re: Re: > > On Sun, 05 Oct 2008 00:14:30 -0500, Grant Taylor > > >I would be tempted to re-write your rule like this > > > > > > iptables -A INPUT ! -m geoip --src-cc [country] -j ACCEPT > > > >The difference being that you are moving the negative logic out of an > > >unpredictable failure situation (GeoIP not knowing where the IP is > from) > > >to a controlled situation (IPTables inverting the result of a match > > >extension). > Ah, I see. So simple but so great. Thank you. In fact, sadly this doesn't seem to work in general. iptables reports "unexpected ! flag before match". This was with iptables 1.4.0. Any other ideas? Regards, Sebastian -- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer -- GMX startet ShortView.de. Hier findest Du Leute mit Deinen Interessen! Jetzt dabei sein: http://www.shortview.de/wasistshortview.php?mc=sv_ext_mf@gmx -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
