Hello,

Thanks! Confirmed that it works as expected.

2015-07-10 19:29 GMT+03:00 Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>:
> Create a drop rule in *filter FORWARD, that drops incoming
> packets for SNATed IPs without a matching policy
>
> -A FORWARD -m ipset --set snatedIPs dst -m policy --pol none --dir out -j DROP

--
WBR & WBW, Vitaly