Multiple Address specification or match
Henrik Nordstrom
hno at marasystems.com
Thu Sep 30 13:38:10 CEST 2004
On Thu, 30 Sep 2004, Temp02 wrote:
> The problem with the IPset/pool options are that they match only on a range
> of addresses, not specifically by source or destination
Eh? They match specificaly on either source or destination.
> also they seem to require the use of another userspace program to
> actually build the sets which in itself complicates the process.
True.
> Is it hard to extend the source and destination match functions to accept
> multiple arguments?
Yes and no.
It is not hard to make a custom match matching multiple IP addresses, but
it would be restricted in the number of addresses you can match.
If you need to group very many addresses then ippool/ipset is the correct
tool.
Regards
Henrik
More information about the netfilter-devel
mailing list