On 07/01/2019 12:45, Florian Westphal wrote:
> There is
>
> tcp dport != { 80, 443 }
>
> should work just fine and match when dport is not in the anonymous set.

Actually it worked. I think it should be included in that reference. :)

> Check out iptables-translate tool, it can help if you are familiar with
> iptables.

This tool isn't really accurate. I mean, when I passed my rules to it, especially the one in question or similar, I got this:

# -t raw -A peerblock -p tcp -m multiport --dports 80,443 -m set --match-set some_set dst -j DROP

So the hash, I think, is for not translating the rule because of some issues, but what is more important, it removed the _!_ character. I don't really want to rely on the tool and have to translate my rules manually.
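As an added example (not part of this thread), a minimal nftables ruleset that writes the negated anonymous set from Florian's reply together with a named-set destination match, so the loaded rule can be compared against what iptables-translate emitted; the table and chain names, the set contents and the placement of the negation on the port match are assumptions.

```nft
# Added example, not from the thread. Names, set contents and where the
# negation sits are assumptions made for illustration.
table inet filter {
	set some_set {
		type ipv4_addr
		flags interval
		elements = { 192.0.2.0/24, 198.51.100.7 }
	}

	chain peerblock {
		type filter hook prerouting priority raw; policy accept;

		# Negation applies to the anonymous set as a whole: the rule
		# matches when dport is neither 80 nor 443, and only for
		# destinations held in the named set.
		tcp dport != { 80, 443 } ip daddr @some_set counter drop
	}
}
```

Load it with `nft -f <file>` and check `nft list ruleset`: the `!=` must survive in the listed rule, which is exactly what the translated iptables line above lost.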