How to combine a few addresses?

How to combine a few addresses?

[Vitaly]

How I can combine a few addresses in one rule? For
example, I'd like to add two IPs 10.10.10.1 and
10.10.10.2 to the same rule.


      ____________________________________________________________________________________
Tonight's top picks. What will you watch tonight? Preview the hottest shows on Yahoo! TV.
http://tv.yahoo.com/ 

Re: How to combine a few addresses?

[Martijn Lievaart]

Vitaly wrote:
> How I can combine a few addresses in one rule? For
> example, I'd like to add two IPs 10.10.10.1 and
> 10.10.10.2 to the same rule.
>
>   

Either use ipset (needs a patched kernel), or iprange (if the addresses 
are consecutive) or use a subchain, e.g:

-A -s 10.10.10.1 -j CUSTOM
-A -s 10.10.10.2 -j CUSTOM
-N CUSTOM
-A CUSTOM <rest of rule>


HTH,
M4

Re: How to combine a few addresses?

[Vitaly]

--- Martijn Lievaart <m@rtij.nl> wrote:

> Vitaly wrote:
> > How I can combine a few addresses in one rule? For
> > example, I'd like to add two IPs 10.10.10.1 and
> > 10.10.10.2 to the same rule.
> >
> >   
> 
> Either use ipset (needs a patched kernel), or
> iprange (if the addresses 
> are consecutive) or use a subchain, e.g:
> 
> -A -s 10.10.10.1 -j CUSTOM
> -A -s 10.10.10.2 -j CUSTOM
> -N CUSTOM
> -A CUSTOM <rest of rule>
> 
Thank you!
Subchains seem to be OK for my needs. But will
subchains work in case when I need to *exclude* some
IPs?

For example, can I add 10.10.10.2 to this rule using
subchain?

iptables -I INPUT -p tcp --dport 80  ! -s 10.10.10.1  
-m state --state NEW -m recent --set



       
____________________________________________________________________________________
Pinpoint customers who are looking for what you sell. 
http://searchmarketing.yahoo.com/

Re: How to combine a few addresses?

[Martijn Lievaart]

Vitaly wrote:
> --- Martijn Lievaart <m@rtij.nl> wrote:
>
>   
>> Vitaly wrote:
>>     
>>> How I can combine a few addresses in one rule? For
>>> example, I'd like to add two IPs 10.10.10.1 and
>>> 10.10.10.2 to the same rule.
>>>
>>>   
>>>       
>> Either use ipset (needs a patched kernel), or
>> iprange (if the addresses 
>> are consecutive) or use a subchain, e.g:
>>
>> -A -s 10.10.10.1 -j CUSTOM
>> -A -s 10.10.10.2 -j CUSTOM
>> -N CUSTOM
>> -A CUSTOM <rest of rule>
>>
>>     
> Thank you!
> Subchains seem to be OK for my needs. But will
> subchains work in case when I need to *exclude* some
> IPs?
>
> For example, can I add 10.10.10.2 to this rule using
> subchain?
>
> iptables -I INPUT -p tcp --dport 80  ! -s 10.10.10.1  
> -m state --state NEW -m recent --set
>   

Yes.

-I INPUT -p tcp --dport 80  -j CUSTOM
-A CUSTOM -s 10.10.10.1 -j RETURN
-A CUSTOM -s 10.10.10.2 -j RETURN
-A CUSTOM -m state --state NEW -m recent --set


HTH,
M4

Kernel crash. Are ipt_recent and ipt_conntrack culprit?

[Vitaly]

I run RHEL3 with kernel 2.4.21-32.0.1.ELsmp.
Yesterday morning I started to play with iptables on
this server and yesterday evening I had kernel crash
on this server.

My iptables contains just two rules, see script below

MAXHITS=70
iptables -F
rmmod ipt_recent
modprobe  ipt_recent  ip_pkt_list_tot=200
 
iptables -I INPUT -p tcp --dport 80  ! -s
10.10.10.0/24   -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80   ! -s
10.10.10.0/24    -m state --state NEW -m recent
--update --seconds 60 --hitcount $MAXHITS -j LOG
--log-prefix "http_limit_test "  --log-level="DEBUG"

I don't see reports about recent 2.4
kernel/ipt_recent/ip_conntrack  crashes. 
OTOH, this server worked many months without crashes
before I activate  iptables. 

Should I go to the latest RHEL3 kernel even I don't
see something relevant into kernel changelog? Other
suggestions? 

Thanks
Vitaly




      ____________________________________________________________________________________
Fussy? Opinionated? Impossible to please? Perfect.  Join Yahoo!'s user panel and lay it on us. http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7