Re: exclude named sets

On 20.05.22 at 05:49, Andrew Clark wrote:
> […] to route all
> traffic in the TOR network, but I have a bunch of addresses which
> should be passed directly, without using TOR.
> 
> This is valid rule: iifname $int_ifs ip daddr @rkn meta l4proto tcp
> redirect to :9051
> But this one is not: iifname $int_ifs ip daddr != { @akamai,
> @stormwall } meta l4proto tcp redirect to :9051
> 
> […]

Would it be sufficient to have only one list and work with the default
package handling? For example a single whitelist causes direct package
routing without Tor. The default rule forwards to the Tor network.

The other way around a blacklist would force packages through Tor while
the rest via default rule goes through!?

Out already pointed out that one rule is the other's negation.

Is there a third route? Or even more?
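
The single-whitelist layout suggested in this reply, written out as an added example that is not part of the original message or of the poster's ruleset. The table and chain names, the interface list and the set elements (documentation address ranges) are assumptions; the set names, `$int_ifs` and port 9051 come from the quoted rules.

```nftables
#!/usr/sbin/nft -f
# Added example. Names marked "assumed" and all set elements are constructed.

define int_ifs = { "eth1", "wlan0" }        # assumed internal interfaces

table ip torproxy {                         # assumed table name
    set akamai {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24 }         # constructed (documentation range)
    }

    set stormwall {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24 }      # constructed (documentation range)
    }

    chain prerouting {                      # assumed chain name
        type nat hook prerouting priority dstnat; policy accept;

        # Whitelist: a destination in either set stops evaluation of this
        # chain here, so the redirect below is never reached and the
        # connection is routed directly.
        iifname $int_ifs ip daddr @akamai accept
        iifname $int_ifs ip daddr @stormwall accept

        # Default rule: all remaining TCP from the internal interfaces
        # is redirected to the local port from the quoted rule.
        iifname $int_ifs meta l4proto tcp redirect to :9051

        # Single-rule equivalent of the three rules above. Matches in one
        # rule are ANDed, so "not in either set" is two != lookups rather
        # than one anonymous set containing set references:
        # iifname $int_ifs ip daddr != @akamai ip daddr != @stormwall meta l4proto tcp redirect to :9051
    }
}
```

After loading, `nft list ruleset` shows the chain as parsed, and only TCP is redirected: other protocols from `$int_ifs` fall through to the chain policy and are not sent through Tor by this chain.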


