* iptables rule for more than one target
@ 2012-01-26 20:12 Usuário do Sistema
2012-01-26 22:23 ` Jan Engelhardt
2012-01-27 8:08 ` Michal Kubeček
0 siblings, 2 replies; 4+ messages in thread
From: Usuário do Sistema @ 2012-01-26 20:12 UTC (permalink / raw)
To: Mail List - Netfilter
Hello everyone, what I want is to add a rule to my firewall with more
than one destination target. For example:
/sbin/iptables -t mangle -I PREROUTING -s 10.10.10.10 -d !
192.100.100.8 10.254.253.1 172.16.0.1 -j MARK --set-mark 5
When I try to add this rule, this appears:
Bad argument `10.254.253.1'
Try `iptables -h' or 'iptables --help' for more information.
I need to add some "-d ! x y z ..."
Thanks
* Re: iptables rule for more than one target
From: Jan Engelhardt @ 2012-01-26 22:23 UTC (permalink / raw)
To: Usuário do Sistema; +Cc: Mail List - Netfilter
On Thursday 2012-01-26 21:12, Usuário do Sistema wrote:
>Hello everyone, what I want is to add a rule to my firewall with more
>than one destination target. For example:
>
>/sbin/iptables -t mangle -I PREROUTING -s 10.10.10.10 -d !
>192.100.100.8 10.254.253.1 172.16.0.1 -j MARK --set-mark 5
>
>When I try to add this rule, this appears:
>
>Bad argument `10.254.253.1'
>Try `iptables -h' or 'iptables --help' for more information.
>
>I need to add some "-d ! x y z ..."
http://comments.gmane.org/gmane.comp.security.firewalls.netfilter.general/43488
* Re: iptables rule for more than one target
From: Michal Kubeček @ 2012-01-27 8:08 UTC (permalink / raw)
To: Mail List - Netfilter; +Cc: Usuário do Sistema
On Thursday 26 of January 2012 18:12EN, Usuário do Sistema wrote:
> /sbin/iptables -t mangle -I PREROUTING -s 10.10.10.10 -d !
> 192.100.100.8 10.254.253.1 172.16.0.1 -j MARK --set-mark 5
...
> I need to add some "-d ! x y z ..."
You can do

  iptables -t mangle -N mark5
  for a in 192.100.100.8 10.254.253.1 172.16.0.1; do
    iptables -t mangle -A mark5 -d $a -j RETURN
  done
  iptables -t mangle -A mark5 -j MARK --set-mark 5
  iptables -t mangle -I PREROUTING -s 10.10.10.10 -j mark5

Or maybe it will suffice to first mark all packets from 10.10.10.10 with
mark 5 and then remark packets with those three destinations back to 0
(or anything else).
Michal Kubeček
* Re: iptables rule for more than one target
From: Usuário do Sistema @ 2012-01-27 12:17 UTC (permalink / raw)
To: Michal Kubeček; +Cc: Mail List - Netfilter
Thank you Michal.
On 27 January 2012 06:08, Michal Kubeček <mkubecek@suse.cz> wrote:
> On Thursday 26 of January 2012 18:12EN, Usuário do Sistema wrote:
>> /sbin/iptables -t mangle -I PREROUTING -s 10.10.10.10 -d !
>> 192.100.100.8 10.254.253.1 172.16.0.1 -j MARK --set-mark 5
> ...
>> I need to add some "-d ! x y z ..."
>
> You can do
>
> iptables -t mangle -N mark5
> for a in 192.100.100.8 10.254.253.1 172.16.0.1; do
> iptables -t mangle -A mark5 -d $a -j RETURN
> done
> iptables -t mangle -A mark5 -j MARK --set-mark 5
> iptables -t mangle -I PREROUTING -s 10.10.10.10 -j mark5
>
> Or maybe it will suffice to first mark all packets from 10.10.10.10 with
> mark 5 and then remark packets with those three destinations back to 0
> (or anything else).
>
> Michal Kubeček
>