IP set and match skipping

Hello,

Testing xtables-addons[1] 1.30 on a virtual system, I have some
questions for my setup and regarding the xtables-addons next branch[2].

I want to avoid duplication: I have one ipporthash for my DMZ services
(behind a NAT) and would like to be able to skip some tests or fix one
argument:

ipset -N dmz-services ipporthash --network 10.1.1.0/24
ipset -A dmz-services 10.1.1.2,www
ipset -A dmz-services 10.1.1.2,smtp
ipset -A dmz-services 10.1.1.2,ssh

# DNAT by server
# Match only ports 
iptables -t nat -A PREROUTING -i internet -m set --match-set dmz-services skip,dst -j DNAT --to-destination 10.1.1.2


Another thing: if several DMZ servers host different services:

# Add a new service for a new host
ipset -A dmz-services 10.1.1.3,kerberos

# Match services hosted on 10.1.1.2
iptables -t nat -A PREROUTING -i internet -m set --match-set dmz-services 10.1.1.2,dst -j DNAT --to-destination 10.1.1.2
# Match services hosted on 10.1.1.3
iptables -t nat -A PREROUTING -i internet -m set --match-set dmz-services 10.1.1.3,dst -j DNAT --to-destination 10.1.1.3

Is it a possible-to-add feature?

Regards.

Footnotes: 
[1]  http://www.baby-gnu.org/debian-asgardr/changelogs/pool/main/x/xtables-addons/xtables-addons_1.30-1/changelog

[2]  http://www.spinics.net/lists/netfilter/msg49256.html

-- 
Daniel Dehennin
Retrieve my GPG key:
gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1
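As an added example (not part of the original post or of ipset itself), a way to get the per-host behaviour asked for above with existing ipset 4.x set types: the ip,service list is kept once, and a ports-only `portmap` set is derived per DMZ host, so each DNAT rule matches only that host's services. Since the match runs in nat PREROUTING before DNAT, the destination address is still the public one, which is why the set must not key on the internal IP. The interface name `internet` and the 10.1.1.0/24 hosts are taken from the post; the set-name scheme and the `gen_rules` function are assumptions.

```shell
#!/bin/sh
# Added example: derive one portmap set per DMZ host from a single
# "ip,service" member list, then emit the matching DNAT rules.
# Commands are printed, not executed, so they can be reviewed first.

IFACE="internet"

# Constructed member list in ipset "ip,service" form (entries from the post).
MEMBERS="10.1.1.2,www
10.1.1.2,smtp
10.1.1.2,ssh
10.1.1.3,kerberos"

# Set name derived from the host address (assumed naming scheme; ipset
# names are limited in length, so keep the prefix short).
set_name() {
    printf 'dmz_ports_%s\n' "$(printf '%s' "$1" | tr . _)"
}

# Print ipset and iptables commands for every host found in $MEMBERS.
gen_rules() {
    hosts=$(printf '%s\n' "$MEMBERS" | cut -d, -f1 | sort -u)
    for host in $hosts; do
        name=$(set_name "$host")
        # portmap holds ports only; the internal IP is not part of the key.
        echo "ipset -N $name portmap --from 1 --to 65535"
        printf '%s\n' "$MEMBERS" \
            | awk -F, -v h="$host" '$1 == h { print $2 }' \
            | while read -r svc; do
                echo "ipset -A $name $svc"
            done
        # Pre-DNAT, dst IP is the public address: match on dst port only.
        echo "iptables -t nat -A PREROUTING -i $IFACE -m set --match-set $name dst -j DNAT --to-destination $host"
    done
}

gen_rules
```

Pipe the output to `sh` only once the generated set names and rules have been checked.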
