Why not allow DNAT in INPUT as well?

Antony Stone Antony@Soft-Solutions.co.uk
Fri, 13 Jul 2001 10:46:05 +0100


On 12 Jul 01 at 21:45, Nevo Hed wrote:

> Hi All,
> 
> If I have 10 ports with 10 addresses I don't want 10 rules for every
> DNAT'ed port.  With just 10 ports it can become very hairy.
> 
> In my case (and I realize that is not common) I don't care which of my
> IP addresses matched.

Why not have 10 rules, one matching each of your 10 IP addresses, with a 
user-defined chain as the target, and then put all your 'real' rules into 
that chain, so you can process anything which gets into the chain 
independently of what its destination IP address was?


Antony.
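
The layout suggested in the reply above, as an added example that is not part of the original post: a script that emits an iptables-restore ruleset for the nat table, with one jump rule per local address and the DNAT rules kept in a single user-defined chain. The chain name PORTFWD, the addresses and the port mappings are constructed placeholders.

```shell
#!/bin/sh
# Added illustration: generate nat-table rules in iptables-restore format.
# PORTFWD, the addresses and the forwards below are constructed placeholders.

# Local addresses on the firewall (RFC 5737 documentation range).
LOCAL_ADDRS="192.0.2.1 192.0.2.2 192.0.2.3"

# Forwards written as proto:port:internal_host:internal_port.
FORWARDS="tcp:80:10.0.0.10:80 tcp:25:10.0.0.20:25 tcp:2222:10.0.0.30:22"

gen_nat_rules() {
    addrs=$1
    forwards=$2
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":PORTFWD - [0:0]"
    # One jump per local address: the destination IP is matched only here.
    for a in $addrs; do
        echo "-A PREROUTING -d $a -j PORTFWD"
    done
    # The 'real' rules live in the chain and never mention the address,
    # so N addresses and M ports cost N + M rules instead of N * M.
    for f in $forwards; do
        proto=${f%%:*}; rest=${f#*:}
        port=${rest%%:*}; rest=${rest#*:}
        host=${rest%%:*}; hport=${rest#*:}
        echo "-A PORTFWD -p $proto --dport $port -j DNAT --to-destination $host:$hport"
    done
    echo "COMMIT"
}

gen_nat_rules "$LOCAL_ADDRS" "$FORWARDS"
```

The output can be reviewed as text before it is fed to iptables-restore, which by default flushes the existing contents of the table it loads.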