Hello guys,

Recently I've encountered an issue with using ipset in my firewall. I use Debian Linux 8.4, running in a virtual machine inside ESXi 5.5. My host is 192.168.1.2, the remote host is 192.168.1.1. I'm running an ssh server on my host and want to limit access to it using one rule with two sets of different types, like this:

iptables -t filter -A INPUT -m set --match-set NETS_IFACE src,src -m set --match-set SSH src,dst,dst -j ACCEPT
iptables -P OUTPUT ACCEPT

ipset create SSH hash:ip,port,ip hashsize 8 maxelem 8 family inet
ipset add SSH 192.168.1.1,tcp:22,192.168.1.2
ipset create NETS_IFACE hash:net,iface hashsize 128 maxelem 128 family inet
ipset add NETS_IFACE 192.168.1.0/24,eth1

It doesn't work this way. eth1 really exists and handles traffic. But if I use a rule like this, it works fine:

iptables -t filter -A INPUT -i eth1 -m set --match-set SSH src,dst,dst -j ACCEPT

What am I doing wrong?

Regards,
Art

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
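The rule in the post chains two set matches, and each --match-set flag list has to line up with the dimension count of its set type (three entries for hash:ip,port,ip, two for hash:net,iface); a mismatched count is one of the first things to rule out when a set match silently fails. The POSIX sh script below is an added example, not code from the post or from the ipset/iptables projects: it checks that pairing offline, without ipset or root, and the type names and flag lists it is fed are the ones from the post plus a few constructed variants.

```shell
#!/bin/sh
# Added example (not from the original post): a pure POSIX sh check that the
# src/dst flag list given to "-m set --match-set NAME FLAGS" has exactly as
# many entries as the set type has dimensions. Needs neither ipset nor root.

# dimensions_of TYPE: print the number of dimensions of an ipset type name,
# e.g. hash:ip,port,ip -> 3, hash:net,iface -> 2, hash:ip -> 1.
dimensions_of() {
    elems=${1#*:}          # drop the "hash:" / "bitmap:" / "list:" method prefix
    n=1
    rest=$elems
    while [ "${rest#*,}" != "$rest" ]; do   # one more comma -> one more dimension
        n=$((n + 1))
        rest=${rest#*,}
    done
    printf '%s\n' "$n"
}

# count_flags FLAGS: print how many comma-separated flags were given; fail
# (exit 1, print nothing) if any entry is not exactly "src" or "dst".
count_flags() {
    n=0
    saved_ifs=$IFS
    IFS=,
    for f in $1; do
        case $f in
            src|dst) n=$((n + 1)) ;;
            *) IFS=$saved_ifs; return 1 ;;
        esac
    done
    IFS=$saved_ifs
    printf '%s\n' "$n"
}

# check_match_set TYPE FLAGS: succeed only when the flag count equals the
# dimension count; otherwise say what is wrong and fail.
check_match_set() {
    dims=$(dimensions_of "$1")
    flags=$(count_flags "$2") || {
        echo "bad flag list '$2': only src and dst are allowed"
        return 1
    }
    if [ "$dims" -gt "$flags" ]; then
        echo "type $1 has $dims dimensions but '$2' supplies only $flags flags (too few)"
        return 1
    fi
    if [ "$dims" -lt "$flags" ]; then
        echo "type $1 has $dims dimensions but '$2' supplies $flags flags (too many)"
        return 1
    fi
    echo "ok: $1 with flags $2"
}

# Demonstration with the two set types and flag lists from the post, plus one
# constructed mismatch; "|| :" keeps the script going after the reported failure.
check_match_set hash:ip,port,ip src,dst,dst
check_match_set hash:net,iface src,src
check_match_set hash:net,iface src || :
```

The check deliberately reads the dimension count from the type name rather than from a running kernel, so it can be run against a rule file during review before anything is loaded; feed it the same TYPE string you pass to ipset create and the same FLAGS string you pass to --match-set.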