Hello
I'm having some trouble understanding the correct syntax for an
iptables rule involving ipset.
I need to forward between IPs within the same ipset. So I've tried
using something like this:
iptables -A FORWARD -i eth0 -o eth0 -m set --match-set testset src,dst -p tcp --dport 9000:9020 -j ACCEPT
However, this allows forwarding to all of the eth0 network for the
'testset' IPs.
Instead
iptables -A FORWARD -i eth0 -o eth0 -m set --match-set testset src -m set --match-set testset dst -p tcp --dport 9000:9020 -j ACCEPT
seems to do what I need but I'm not 100% certain.
Anyone with a better understanding?
iptables v1.4.10
ipset v5.3.
Thank you.
--
Arthur Titeica
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
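Added example (not part of the post above, and not ipset or kernel code): a small Python model of how the iptables `set` match consumes its `src`/`dst` flags, following the behaviour documented in iptables-extensions(8): the flags are used left to right, one per element of the set's type, and for a single-dimension set such as hash:ip the command `--match-set testset src,dst` therefore only tests the source address, which is why the first rule in the post lets the set's members reach the whole eth0 network. Two separate `-m set` matches test source and destination independently, which is what the second rule does. The set name, the addresses, the port range and the packets below are constructed for illustration; protocol is not stored with hash:ip,port entries here, a simplification the real ipset does not make.

```python
from ipaddress import ip_address

# Element layout of each set type. A hash:ip entry is one address, a
# hash:ip,port entry is an address followed by a port. The length of the
# tuple is the set's dimension, which is what decides how many flags the
# set match consumes.
SET_LAYOUT = {
    "hash:ip": ("ip",),
    "hash:ip,port": ("ip", "port"),
}


class IPSet:
    """An ipset: a name, a type and its member tuples (constructed model)."""

    def __init__(self, name, settype, members):
        self.name = name
        self.layout = SET_LAYOUT[settype]
        self.members = set()
        for member in members:
            entry = tuple(ip_address(v) if kind == "ip" else int(v)
                          for kind, v in zip(self.layout, member))
            self.members.add(entry)

    def test(self, entry):
        return entry in self.members


def packet_field(packet, kind, direction):
    """The value one flag selects: the src/dst address or the src/dst port."""
    if kind == "ip":
        return ip_address(packet[direction])
    return int(packet["sport" if direction == "src" else "dport"])


def match_set(ipset, flags, packet):
    """Model of '-m set --match-set NAME flag,flag,...'.

    Flags are consumed left to right, one per element of the set's layout.
    Fewer flags than the dimension is a rule error; extra flags are ignored,
    which is the behaviour iptables-extensions(8) documents for the set match.
    """
    dim = len(ipset.layout)
    if len(flags) < dim:
        raise ValueError(f"{ipset.name}: set has dimension {dim}, "
                         f"but only {len(flags)} flag(s) were given")
    entry = tuple(packet_field(packet, kind, direction)
                  for kind, direction in zip(ipset.layout, flags))
    return ipset.test(entry)


def rule_matches(rule, packet):
    """Evaluate a FORWARD rule: every -m set match and the tcp dport range
    must hold. rule = {"matches": [(ipset, flags), ...], "dport": (lo, hi)}"""
    lo, hi = rule["dport"]
    if packet["proto"] != "tcp" or not lo <= int(packet["dport"]) <= hi:
        return False
    return all(match_set(s, f, packet) for s, f in rule["matches"])


# Constructed sample data: a hash:ip set with two members and the two rules
# from the post, with the set name kept as 'testset'.
TESTSET = IPSet("testset", "hash:ip", [("192.0.2.10",), ("192.0.2.20",)])

RULE_ONE_MATCH = {   # ... -m set --match-set testset src,dst ...
    "matches": [(TESTSET, ["src", "dst"])],
    "dport": (9000, 9020),
}
RULE_TWO_MATCHES = {  # ... -m set --match-set testset src -m set --match-set testset dst ...
    "matches": [(TESTSET, ["src"]), (TESTSET, ["dst"])],
    "dport": (9000, 9020),
}

MEMBER_TO_MEMBER = {"proto": "tcp", "src": "192.0.2.10", "dst": "192.0.2.20",
                    "sport": 40000, "dport": 9010}
MEMBER_TO_OUTSIDER = {"proto": "tcp", "src": "192.0.2.10", "dst": "192.0.2.99",
                      "sport": 40000, "dport": 9010}

# A two-dimensional set: here the same 'src,dst' flags mean "source address
# and destination port", as the man page example describes.
IPPORT = IPSet("svc", "hash:ip,port", [("192.0.2.10", 9010)])


def compare():
    """Which of the two rules accepts member -> non-member traffic."""
    return {
        "one_match_src_dst": rule_matches(RULE_ONE_MATCH, MEMBER_TO_OUTSIDER),
        "two_matches": rule_matches(RULE_TWO_MATCHES, MEMBER_TO_OUTSIDER),
    }


if __name__ == "__main__":
    for name, accepted in compare().items():
        print(f"{name}: member -> outsider is {'ACCEPTED' if accepted else 'not matched'}")
```

Running it prints that the single `src,dst` match accepts member-to-outsider traffic while the two-match rule does not, which matches what the post reports. With ipset 5.3 the two-match form is the way to express "both ends in the set"; later ipset releases add two-dimensional address types that can do it in one match, but that is outside what the post's versions support.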