From: Lars Nooden <lars.curator@gmail.com>
To: Florian Effenberger <floeff@gmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: randomly changing IPs from different subnets (Google Mail)
Date: Tue, 22 Jun 2010 22:16:52 +0300 [thread overview]
Message-ID: <4C210C24.9050605@gmail.com> (raw)
In-Reply-To: <6BE62F49-0B12-4DCB-A421-7D90BDFF0615@gmail.com>
Hello, Florian,
On 6/22/10 9:30 PM, Florian Effenberger wrote:
> what does another chain help? I need to keep some records in the
> tables, because of clients that might have still the "old" address in
> their cache. The tables get cluttered anyways, no matter if I use one
> or several user-defined chains.
The chain is a drop-through list of ip addresses that you have decided
are good. Then make a rule or pair of rules to send tcp traffic for
port 993 and port 537 to that user-defined chain.
ip6tables -N gmailimap
iptables -N gmailimap4
...
iptables -I gmailimap4 --destination 74.125.79.111 -j ACCEPT
iptables -I gmailimap4 --destination 74.125.79.109 -j ACCEPT
# etc
ip6tables -I gmailimap --destination 2a00:1450:8005::68 -j ACCEPT
ip6tables -I gmailimap --destination 2a00:1450:8005::93 -j ACCEPT
# etc
...
ip6tables -I OUTPUT -i eth0 -p tcp --destination-port 993 -j gmailimap;
iptables -I OUTPUT -i eth0 -p tcp --destination-port 993 -j gmailimap4;
All that is just a guess / pseudo-code.
/Lars
next prev parent reply other threads:[~2010-06-22 19:16 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-22 18:16 randomly changing IPs from different subnets (Google Mail) Florian Effenberger
2010-06-22 18:19 ` Jan Engelhardt
2010-06-22 18:30 ` Florian Effenberger
2010-06-22 19:16 ` Lars Nooden [this message]
2010-06-23 8:53 ` Florian Effenberger
2010-06-23 9:33 ` Mart Frauenlob
2010-06-23 16:46 ` Florian Effenberger
2010-06-23 11:52 ` Lars Nooden
2010-06-23 11:54 ` Jan Engelhardt
2010-06-23 13:47 ` Lars Nooden
2010-06-23 13:52 ` John Haxby
2010-06-23 14:12 ` /dev/rob0
2010-06-23 14:36 ` Documentation (was Re: randomly changing IPs from different subnets (Google Mail)) Lars Nooden
2010-06-23 15:13 ` /dev/rob0
2010-06-23 16:00 ` Jan Engelhardt
2010-06-23 16:15 ` Lars Nooden
2010-06-23 16:36 ` Jan Engelhardt
2010-06-23 18:34 ` Grant Taylor
2010-06-23 18:41 ` Jan Engelhardt
2010-06-23 18:53 ` Grant Taylor
2010-06-24 6:17 ` Andrew Beverley
2010-06-24 16:45 ` Grant Taylor
2010-06-23 16:44 ` randomly changing IPs from different subnets (Google Mail) Florian Effenberger
2010-06-23 18:36 ` Grant Taylor
2010-06-22 19:18 ` Jan Engelhardt
2010-06-22 18:55 ` Jeff Largent
2010-06-23 1:09 ` /dev/rob0
2010-06-23 1:22 ` Mike Lay
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C210C24.9050605@gmail.com \
--to=lars.curator@gmail.com \
--cc=floeff@gmail.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.