Pascal Hambourg wrote:
> Hello,
>
> franck wrote:
>>
>> I have got some iptables rules such as :
>>
>> Code:
>>
>> iptables -A OUTPUT -o eth0 -p tcp -d pop.mail.yahoo.co.uk
>> --dport 110 --sport $UNPRIVPORTS -m state --state
>> NEW,ESTABLISHED,RELATED -j ACCEPT
>> iptables -A OUTPUT -o eth0 -p tcp -d pop.1and1.fr --dport 110
>> --sport $UNPRIVPORTS -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>> iptables -A INPUT -i eth0 -p tcp -s pop.mail.yahoo.co.uk --sport
>> 110 --dport $UNPRIVPORTS -m state --state ESTABLISHED,RELATED -j ACCEPT
>> iptables -A INPUT -i eth0 -p tcp -s pop.1and1.fr --sport 110
>> --dport $UNPRIVPORTS -m state --state ESTABLISHED,RELATED -j ACCEPT
>>
>> and I would like to put them on only two lines.
>
> Note that pop.1and1.fr resolves into two IP addresses, so the related
> iptables commands create two separate rules, one for each IP address.
>
>> Is that possible ?
>
> I cannot see any simple way. Maybe with "ipset".
> Why is it so important ?

It is not that important, I just wondered whether it was possible or not.
My file would have been easier to read, that is it.
I will take a look at ipset.

>
> Note : POP3 packets never match the RELATED state, so you can remove it.
>

Ok. Good to know.
Thanks.

--
Franck Joncourt
http://www.debian.org
http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
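
The two-rule form asked about in this thread, written with ipset as an added example that is not part of the original messages: the script prints, rather than runs, the commands, using current ipset syntax. The set name `pop3_servers`, the `UNPRIVPORTS` value and the `resolve_host` helper are assumptions of this example.

```shell
#!/bin/sh
# Added example: print (do not execute) an ipset-based form of the POP3 rules.
# SET_NAME and the UNPRIVPORTS value are assumptions; the thread defines neither.
SET_NAME=pop3_servers
UNPRIVPORTS=1024:65535

# Resolve a hostname to its unique IPv4 addresses, one per line.
# getent prints one line per socket type, hence the de-duplication.
resolve_host() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Print the commands that create the set and add every address of every
# host, so a name with two A records contributes two set members.
emit_set() {
    echo "ipset create $SET_NAME hash:ip -exist"
    for host in "$@"; do
        ips=$(resolve_host "$host")
        if [ -z "$ips" ]; then
            echo "warning: $host did not resolve, skipped" >&2
            continue
        fi
        for ip in $ips; do
            echo "ipset add $SET_NAME $ip -exist"
        done
    done
}

# Print the two rules that replace the four per-host ones. RELATED is
# dropped, following the note in the thread that POP3 never matches it.
emit_rules() {
    echo "iptables -A OUTPUT -o eth0 -p tcp -m set --match-set $SET_NAME dst" \
         "--dport 110 --sport $UNPRIVPORTS -m state --state NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A INPUT -i eth0 -p tcp -m set --match-set $SET_NAME src" \
         "--sport 110 --dport $UNPRIVPORTS -m state --state ESTABLISHED -j ACCEPT"
}

# Usage: sh pop3-ipset.sh pop.mail.yahoo.co.uk pop.1and1.fr
if [ "$#" -gt 0 ]; then
    emit_set "$@"
    emit_rules
fi
```

Because the rules reference the set by name, the addresses can be refreshed with ipset alone when the DNS records change, without reloading the iptables rules.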

