Re: [iptables] Use ipset with conntrack module

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Florian Westphal <fw@strlen.de>
To: Amiq Nahas <m992493@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [iptables] Use ipset with conntrack module
Date: Mon, 17 Aug 2020 19:31:50 +0200	[thread overview]
Message-ID: <20200817173150.GC15804@breakpoint.cc> (raw)
In-Reply-To: <CAPicJaHrKqxJUV18pU+tvojjJvcV1EbvBo8VpNrgjoh0BYwz6w@mail.gmail.com>

Amiq Nahas <m992493@gmail.com> wrote:
> Hi Guys,
> 
> Currently only a single ip-address can be specified with these options
> in conntrack module:
> --ctorigsrc address[/mask]
> --ctorigdst address[/mask]
> --ctreplsrc address[/mask]
> --ctrepldst address[/mask]
> 
> I would like to add a new feature into iptables so that multiple
> ip-addresses can be specified at once. I am thinking this can be done
> using ipset.
> 
> Please share your thoughts on how this can be implemented.

This can be done with nftables.  I don't think its worth it to spend
time on this in iptables world.

You would also need to copy-paste reimplement the match  again if you want to
combine it with e.g. network interface.

     prev parent reply	other threads:[~2020-08-17 17:32 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-17 12:12 [iptables] Use ipset with conntrack module Amiq Nahas
2020-08-17 17:31 ` Florian Westphal [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200817173150.GC15804@breakpoint.cc \
    --to=fw@strlen.de \
    --cc=m992493@gmail.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.