Pascal Hambourg <pas...@plouf.fr.eu.org> wrote:
>Hello,
>
>Bill.M wrote:
>>
>> In IPTables one can specify multiple addresses, and multiple ports, but
>> is there any way to specify multiple interfaces?
>>
>> For example, -m multiport --destination-port 22,25,80
>>
>> Or -s 1.2.3.4,1.2.3.5,1.2.3.7 or -s 1.2.3.4:1.2.3.10
>
>In addition to David's answer:
>Unless there has been a recent change I am not aware of, you cannot
>specify an address range in -s or -d. You must use the "iprange" match
>instead (or ipset if your kernel supports it). Also, note that specifying
>multiple comma-separated addresses or prefixes in -s or -d will result in
>multiple rules being actually created, which can have undesirable
>side-effects and impact efficiency.

The speed impact of a small rule set is negligible. One ipset vs 20 rules, yes please - it's easier to look at. Also, idk any way to match interface with ipset - ip and port (even src and dst in one line) but not interface.
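
The three forms discussed in this thread, side by side, as an added example that is not part of the original messages. It is a dry run by default (commands are printed, not executed); the set name `trusted` and the helper function names are assumptions made for illustration, and the addresses and ports are the ones from the question.

```shell
#!/bin/sh
# Dry run by default: every command is echoed instead of executed.
# To apply for real (as root): IPT=iptables IPSET=ipset sh this_script.sh
IPT=${IPT:-echo iptables}
IPSET=${IPSET:-echo ipset}

PORTS=22,25,80   # ports from the question

# 1) Comma-separated -s: iptables accepts a single command line but installs
#    one rule per address. This spells out the rules that end up in the chain.
comma_expanded() {
    chain=$1
    for addr in $(echo "$2" | tr ',' ' '); do
        $IPT -A "$chain" -s "$addr" -p tcp -m multiport --dports "$PORTS" -j ACCEPT
    done
}

# 2) Address range: -s does not take a range, the iprange match does.
#    One rule covers the whole range (first-last, joined with a hyphen).
range_rule() {
    $IPT -A "$1" -m iprange --src-range "$2" \
        -p tcp -m multiport --dports "$PORTS" -j ACCEPT
}

# 3) ipset: the addresses live in a named set, the chain holds one rule.
#    Adding or removing an address later does not touch the ruleset.
set_rule() {
    chain=$1; name=$2; shift 2
    $IPSET create "$name" hash:ip
    for addr in "$@"; do
        $IPSET add "$name" "$addr"
    done
    $IPT -A "$chain" -m set --match-set "$name" src \
        -p tcp -m multiport --dports "$PORTS" -j ACCEPT
}

echo "# comma-separated -s (three rules are created):"
comma_expanded INPUT 1.2.3.4,1.2.3.5,1.2.3.7
echo "# iprange match (one rule):"
range_rule INPUT 1.2.3.4-1.2.3.10
echo "# ipset (one rule, 'trusted' is a hypothetical set name):"
set_rule INPUT trusted 1.2.3.4 1.2.3.5 1.2.3.7
```

After applying the rules for real, `iptables -S INPUT` shows the per-address expansion of the first form directly.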