I really need to do more study on ipset. This post is just a reminder for
myself.
Example #1:
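# Create a set named "myset" that stores individual IP addresses (iphash type)
ipset -N myset iphash
# Add two addresses to the set
ipset -A myset 1.1.1.1
ipset -A myset 2.2.2.2
# Drop inbound packets whose source address is in myset
# (newer iptables releases name this option --match-set)
iptables -A INPUT -m set --set myset src -j DROP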
Example #2:
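# Create a set named "routed_nets" that stores CIDR networks (nethash type)
ipset -N routed_nets nethash
# Add the networks that are reachable by routing and must not be NATed
ipset -A routed_nets 10.30.30.0/24
ipset -A routed_nets 10.40.40.0/24
ipset -A routed_nets 192.168.4.0/23
ipset -A routed_nets 172.22.0.0/22
# Masquerade traffic from 10.0.0.0/24 unless its destination is in routed_nets
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 \
-m set ! --set routed_nets dst -j MASQUERADE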
Ref: Linux Journal (October 2011)