On Thursday 26 of January 2012 18:12EN, Usuário do Sistema wrote:
> /sbin/iptables -t mangle -I PREROUTING -s 10.10.10.10 -d !
> 192.100.100.8 10.254.253.1 172.16.0.1 -j MARK --set-mark 5
...
> I need add some "-d ! x y z ..."
You can do
iptables -t mangle -N mark5
for a in 192.100.100.8 10.254.253.1 172.16.0.1; do
iptables -t mangle -A mark5 -d $a -j RETURN
done
iptables -t mangle -A mark5 -j MARK --set-mark 5
iptables -t mangle -I PREROUTING -s 10.10.10.10 -j mark5
Or maybe it will suffice to first mark all packets from 10.10.10.10 with
mark 5 and then remark packets with those three destinations back to 0
(or anything else).
Michal Kubeček
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
