On Mon, 9 Jul 2012, Nikolai Lusan wrote:

> I'm putting together a new firewall, using ipsets to simplify the
> overall rules. I would like to know if I can use multiple sets in a
> single rule. For example would the following be possible:
>
> ipset create incoming_ports bitmap:port
> ipset add incoming_ports 53
> ipset add incoming_ports 25
> ipset add incoming_ports 80
> ipset add incoming_ports 143
>
> ipset create local_addresses bitmap:ip
> ipset add local_addresses 192.168.0.1
> ipset add local_addresses 150.250.150.253
>
> iptables -A -p tcp -m set --set local_addresses src \
> --set incoming_ports dst -j ACCEPT
>
> Or should I match on one thing first and push the result into a chain to
> match with the second set?

There is no need to break up the rule into chains/rules; multiple matches of the same type in one rule are supported.

Best regards,
Jozsef
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
H-1525 Budapest 114, POB. 49, Hungary
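A working version of the two-set rule discussed in the thread, added here as an example (not code from either poster). It assumes the INPUT chain, uses hash:ip for the addresses (bitmap:ip needs a contiguous range of at most a /16, which 192.168.0.1 and 150.250.150.253 do not share), gives bitmap:port the range it requires, and uses the --match-set option of the xt_set match; it only prints the commands unless RUN is set to an empty string.

```shell
#!/bin/sh
# Added example: one iptables rule matching two ipsets at once.
# Defaults to printing the commands; run with RUN="" to apply them as root.
RUN="${RUN:-echo}"

# Assumed set names follow the original question; the chain (INPUT) is assumed.
create_sets() {
    # hash:ip instead of bitmap:ip: bitmap:ip only covers one contiguous
    # range of at most a /16, and these two addresses are far apart.
    $RUN ipset -exist create local_addresses hash:ip
    for a in 192.168.0.1 150.250.150.253; do
        $RUN ipset -exist add local_addresses "$a"
    done

    # bitmap:port requires its port range at creation time.
    $RUN ipset -exist create incoming_ports bitmap:port range 0-65535
    for p in 25 53 80 143; do
        $RUN ipset -exist add incoming_ports "$p"
    done
}

add_rule() {
    # Both set matches live in the same rule: a packet is accepted only if its
    # destination address is in local_addresses AND its destination port is in
    # incoming_ports. Matching the local side as dst is an assumption for
    # traffic arriving on INPUT; use src if the rule filters the other direction.
    $RUN iptables -A INPUT -p tcp -m set \
        --match-set local_addresses dst \
        --match-set incoming_ports dst -j ACCEPT
}

create_sets
add_rule
```

The sets must exist before the rule is added, since iptables refuses a rule that references an unknown set.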