On 2013-07-12 14:50, Arturo Borrero Gonzalez wrote:
> 2013/7/12 Die Optimisten <inform@xxxxxxxxxxxxxxxxxx>:
>
>> Hi!
>> Thanks for your fast answer!!
>>
>> How can I write -t nat
>> [all except these 2:] (! -d 127.0.0.1 -and ! -d 192.168.0.0/16) ?
>>
>
> I would do it with ipset(8).
>
> --
> Arturo Borrero González

Hello

Aha, seems it is not possible with iptables (alone)?
- Is it also possible to check against 1000 IPs with ipset (performance)?
- How to check against 1000 MACs (no mactables?!, only arptables)

Another question (yes, I know this is an iptables list, but perhaps interesting to all):
I've heard it is possible to have a tunnel which doesn't disconnect the inside running (TCP) sessions if the connection is lost.
How can this be done?
Is there a max (inner) timeout within which you have to reconnect the outer tunnel?
How can the timeout be changed?
Or is there a possibility to reopen the tunnel the next day without breaking the inner connections? That would be fine!
Sg. existing already?
Idea: a tool that "simulates" the other end and takes over the connection when the other side doesn't respond (just ACKs, without data?)

Please also reply to me directly inform@die-optimisten DOT net

thanks again!
Andrew
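The "all except these two" NAT rule from the thread, written out both ways as an added example (not code from either poster): a plain iptables user chain, and the ipset(8) approach Arturo suggests, which also answers the 1000-IP question. It assumes the NAT action is MASQUERADE in POSTROUTING (the question does not say) and uses made-up set and chain names; the functions only print the commands so they can be reviewed before being piped to sh as root.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: NAT target MASQUERADE in
# POSTROUTING; set name "nat_exceptions" and chain name "NAT_EXCEPT" are
# invented. Both functions print commands instead of running them.

EXCEPTIONS="127.0.0.1 192.168.0.0/16"   # the two destinations from the question

# Variant 1: iptables alone. A user-defined chain RETURNs for each exception
# and applies the NAT target to everything that falls through. The rule list
# grows by one rule per exception, and each packet walks it linearly.
except_chain_rules() {
    printf '%s\n' "iptables -t nat -N NAT_EXCEPT"
    for net in $EXCEPTIONS; do
        printf '%s\n' "iptables -t nat -A NAT_EXCEPT -d $net -j RETURN"
    done
    printf '%s\n' "iptables -t nat -A NAT_EXCEPT -j MASQUERADE"
    printf '%s\n' "iptables -t nat -A POSTROUTING -j NAT_EXCEPT"
}

# Variant 2: ipset, as suggested in the reply. One hash:net set holds any mix
# of hosts and prefixes; matching 1000 entries is a hash lookup behind a single
# negated --match-set rule, not 1000 rule evaluations. -exist makes the script
# safe to re-run.
ipset_rules() {
    printf '%s\n' "ipset create nat_exceptions hash:net -exist"
    for net in $EXCEPTIONS; do
        printf '%s\n' "ipset add nat_exceptions $net -exist"
    done
    printf '%s\n' "iptables -t nat -A POSTROUTING -m set ! --match-set nat_exceptions dst -j MASQUERADE"
}

# Print both rule sets for review; apply one with e.g.  ipset_rules | sh
except_chain_rules
echo
ipset_rules
```

For MAC lists, the same pattern works with ipset's MAC-keyed set types (bitmap:ip,mac, and hash:mac in newer ipset releases) instead of hash:net.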