Hello, Florian, On 6/22/10 9:30 PM, Florian Effenberger wrote:
what does another chain help? I need to keep some records in the tables, because of clients that might still have the "old" address in their cache. The tables get cluttered anyway, no matter if I use one or several user-defined chains.
The chain is a drop-through list of IP addresses that you have decided are good. Then make a rule or pair of rules to send TCP traffic for port 993 and port 537 to that user-defined chain.
ip6tables -N gmailimap
iptables -N gmailimap4
...
iptables -I gmailimap4 --destination 74.125.79.111 -j ACCEPT
iptables -I gmailimap4 --destination 74.125.79.109 -j ACCEPT
# etc
ip6tables -I gmailimap --destination 2a00:1450:8005::68 -j ACCEPT
ip6tables -I gmailimap --destination 2a00:1450:8005::93 -j ACCEPT
# etc
...
# rules in OUTPUT match the outgoing interface with -o (-i is only valid for incoming traffic)
ip6tables -I OUTPUT -o eth0 -p tcp --destination-port 993 -j gmailimap
iptables -I OUTPUT -o eth0 -p tcp --destination-port 993 -j gmailimap4

All that is just a guess / pseudo-code.

/Lars
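A script version of the sketch above, added here as an example and not Lars's or Florian's own code: it uses the addresses and port quoted in the message, assumes the interface is eth0, and adds two things of my own, a dry-run mode that prints the commands instead of applying them and a trailing LOG rule so that a client still using a cached "old" address shows up in the log rather than falling through silently.

```shell
#!/bin/sh
# Added example, not Lars's code: build the allow-list chains from the thread and
# hook them into OUTPUT. Assumptions: the interface name, the DRY_RUN wrapper and
# the trailing LOG rule are mine; the addresses and port are the ones quoted above.
IPT=${IPT:-iptables}
IP6T=${IP6T:-ip6tables}
IFACE=${IFACE:-eth0}
DRY_RUN=${DRY_RUN:-1}          # default: print the commands; DRY_RUN=0 applies them
PORTS="993"
GMAIL_V4="74.125.79.111 74.125.79.109"
GMAIL_V6="2a00:1450:8005::68 2a00:1450:8005::93"

# run: print the command when dry-running, otherwise execute it
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# build_chain TOOL CHAIN "ADDR ..." : create CHAIN (or flush it if it already
# exists), ACCEPT each listed destination, and LOG whatever falls through so a
# client that still has a stale address in its cache is visible in the log
build_chain() {
    tool=$1; chain=$2; addrs=$3
    run "$tool" -N "$chain" 2>/dev/null || run "$tool" -F "$chain"
    for a in $addrs; do
        run "$tool" -A "$chain" -d "$a" -j ACCEPT
    done
    # no terminal rule: the chain drops through (implicit RETURN) as Lars describes
    run "$tool" -A "$chain" -j LOG --log-prefix "$chain-miss: "
}

# hook_output TOOL CHAIN : send outbound TCP to each port in PORTS through CHAIN.
# Deleting the jump first keeps re-runs from stacking duplicate OUTPUT rules.
hook_output() {
    tool=$1; chain=$2
    for p in $PORTS; do
        run "$tool" -D OUTPUT -o "$IFACE" -p tcp --dport "$p" -j "$chain" 2>/dev/null
        run "$tool" -I OUTPUT -o "$IFACE" -p tcp --dport "$p" -j "$chain"
    done
}

build_all() {
    build_chain "$IPT"  gmailimap4 "$GMAIL_V4"
    build_chain "$IP6T" gmailimap  "$GMAIL_V6"
    hook_output "$IPT"  gmailimap4
    hook_output "$IP6T" gmailimap
}

build_all
```

Run it once to review the generated rules, then with `DRY_RUN=0` as root to apply them; the `-D` before `-I` makes a second apply safe.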