[Bug 667] Rule compression opportunity
bugzilla-daemon at bugzilla.netfilter.org
Thu Mar 17 00:04:01 CET 2011
http://bugzilla.netfilter.org/show_bug.cgi?id=667
Jozsef Kadlecsik <kadlec at netfilter.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kadlec at netfilter.org
--- Comment #2 from Jozsef Kadlecsik <kadlec at netfilter.org> 2011-03-17 00:04:01 ---
As Jan wrote, you can collect all entries in a set, say "banned", and then you
can use the rules:
iptables -A INPUT -m set --match-set banned src -j DROP
iptables -A OUTPUT -m set --match-set banned dst -j DROP
And similarly, in the FORWARD chain.
So with ipset the issue can be solved nicely.
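The migration suggested in the comment above, sketched as an added example (not part of the original bug report or of the netfilter project's code): it turns existing per-address DROP rules in iptables-save format into `ipset restore` input for the "banned" set. The function names, the hash:net set type and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: collapse per-address DROP rules into one ipset.
# SET_NAME, the function names and the sample rules are constructed.
SET_NAME=banned

# Reads iptables-save text on stdin, prints `ipset restore` lines on stdout.
rules_to_ipset() {
    awk -v set="$SET_NAME" '
        # hash:net (assumed set type) holds single hosts and CIDR blocks.
        BEGIN { print "create " set " hash:net" }
        # Only bare "-A INPUT -s ADDR -j DROP" / "-A OUTPUT -d ADDR -j DROP"
        # rules are folded. A rule with any extra match (protocol, port,
        # interface, negation) has more fields and is left alone, because
        # moving it into the set would widen what gets dropped.
        $1 == "-A" && NF == 6 && $5 == "-j" && $6 == "DROP" &&
        (($2 == "INPUT" && $3 == "-s") || ($2 == "OUTPUT" && $3 == "-d")) {
            addr = $4
            sub(/\/32$/, "", addr)      # iptables-save prints hosts as /32
            if (!(addr in seen)) {      # same host may appear in both chains
                seen[addr] = 1
                print "add " set " " addr
            }
        }
    '
}

# Constructed sample of iptables-save output (documentation addresses).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10/32 -j DROP
-A INPUT -s 198.51.100.0/24 -j DROP
-A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 22 -j DROP
-A OUTPUT -d 192.0.2.10/32 -j DROP
-A OUTPUT -d 203.0.113.99/32 -j DROP
COMMIT
EOF
}

# Print the restore input; on a real host it would be piped to `ipset restore`
# before the two --match-set rules from the comment are loaded.
sample_rules | rules_to_ipset
```

Because one set backs both the src and the dst rule, an address that was previously dropped in only one direction ends up dropped in both. The port-specific rule for 203.0.113.7 is skipped on purpose and stays an ordinary iptables rule.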