
Mailing List Archive: iptables: User

How to combine a few addresses?

 

 



vitaly_il at yahoo

Sep 11, 2007, 4:52 AM

Post #1 of 4 (5292 views)
How to combine a few addresses?

How can I combine a few addresses in one rule? For
example, I'd like to add two IPs 10.10.10.1 and
10.10.10.2 to the same rule.




m at rtij

Sep 11, 2007, 5:01 AM

Post #2 of 4 (4975 views)
Re: How to combine a few addresses? [In reply to]

Vitaly wrote:
> How can I combine a few addresses in one rule? For
> example, I'd like to add two IPs 10.10.10.1 and
> 10.10.10.2 to the same rule.
>
>

Either use ipset (needs a patched kernel), or iprange (if the addresses
are consecutive) or use a subchain, e.g.:

-A -s 10.10.10.1 -j CUSTOM
-A -s 10.10.10.2 -j CUSTOM
-N CUSTOM
-A CUSTOM <rest of rule>


HTH,
M4


vitaly_il at yahoo

Sep 11, 2007, 5:27 AM

Post #3 of 4 (4968 views)
Re: How to combine a few addresses? [In reply to]

--- Martijn Lievaart <m [at] rtij> wrote:

> Vitaly wrote:
> > How can I combine a few addresses in one rule? For
> > example, I'd like to add two IPs 10.10.10.1 and
> > 10.10.10.2 to the same rule.
> >
> >
>
> Either use ipset (needs a patched kernel), or
> iprange (if the addresses
> are consecutive) or use a subchain, e.g.:
>
> -A -s 10.10.10.1 -j CUSTOM
> -A -s 10.10.10.2 -j CUSTOM
> -N CUSTOM
> -A CUSTOM <rest of rule>
>
Thank you!
Subchains seem to be OK for my needs. But will
subchains work in the case where I need to *exclude* some
IPs?

For example, can I add 10.10.10.2 to this rule using
a subchain?

iptables -I INPUT -p tcp --dport 80 ! -s 10.10.10.1 -m state --state NEW -m recent --set






m at rtij

Sep 11, 2007, 10:50 AM

Post #4 of 4 (4982 views)
Re: How to combine a few addresses? [In reply to]

Vitaly wrote:
> --- Martijn Lievaart <m [at] rtij> wrote:
>
>
>> Vitaly wrote:
>>
>>> How can I combine a few addresses in one rule? For
>>> example, I'd like to add two IPs 10.10.10.1 and
>>> 10.10.10.2 to the same rule.
>>>
>>>
>>>
>> Either use ipset (needs a patched kernel), or
>> iprange (if the addresses
>> are consecutive) or use a subchain, e.g.:
>>
>> -A -s 10.10.10.1 -j CUSTOM
>> -A -s 10.10.10.2 -j CUSTOM
>> -N CUSTOM
>> -A CUSTOM <rest of rule>
>>
>>
> Thank you!
> Subchains seem to be OK for my needs. But will
> subchains work in the case where I need to *exclude* some
> IPs?
>
> For example, can I add 10.10.10.2 to this rule using
> a subchain?
>
> iptables -I INPUT -p tcp --dport 80 ! -s 10.10.10.1 -m state --state NEW -m recent --set
>

Yes.

-I INPUT -p tcp --dport 80 -j CUSTOM
-A CUSTOM -s 10.10.10.1 -j RETURN
-A CUSTOM -s 10.10.10.2 -j RETURN
-A CUSTOM -m state --state NEW -m recent --set


HTH,
M4
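
The exclusion subchain from the reply above, generalized to any number of excluded addresses, as an added example that is not part of the original thread. The function names `is_ipv4` and `gen_exclude_rules` are hypothetical, and the output is assumed to be fed to iptables-restore:

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore fragment
# that applies "-m recent --set" to new TCP/80 connections from every
# source except the listed addresses, using RETURN in a subchain.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_exclude_rules CHAIN ADDR...: print the ruleset on stdout.
# Every address is validated before anything is printed, so a typo
# cannot silently produce a ruleset with an exclusion missing.
gen_exclude_rules() {
    chain=$1; shift
    [ "$#" -gt 0 ] || return 1
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    echo "*filter"
    echo ":$chain - [0:0]"
    echo "-I INPUT -p tcp --dport 80 -j $chain"
    for addr in "$@"; do
        # RETURN hands the packet back to INPUT before the final rule runs.
        echo "-A $chain -s $addr -j RETURN"
    done
    echo "-A $chain -m state --state NEW -m recent --set"
    echo "COMMIT"
}

# The two addresses from the thread.
gen_exclude_rules CUSTOM 10.10.10.1 10.10.10.2
```

Piping the output to `iptables-restore --noflush --test` parses the fragment without committing it.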
