IPTables : How to make file for Multiple Destination Address

Karl Auer kauer at biplane.com.au
Mon Oct 4 10:44:31 UTC 2010


On Mon, 2010-10-04 at 16:24 +0700, Anggi Lesmana wrote:
> Is it possible to move the multiple destination addresses of the
> rules above into a list file that I create?

Look at the ipt_recent module for iptables. It's in the man page. You
can set up a list of IP addresses which are loaded when iptables starts,
then refer to the list by name in your rules. You can have multiple
lists with different names, so you can have various lists for different
purposes.

I have not used ipt_recent myself, so cannot comment on its reliability
or performance or anything else, but it looks like what you need.

In general you can optimise a list of rules by finding commonality
between them, and setting up separate tables ("chains") to handle that
commonality.

For example, the MAC address is common to your sample rules, so you
might set up a table for that MAC address and jump to it. Then it only
needs a single comparison. A rule can end in RETURN, which transfers
control back to the next rule in the calling table, so you
can set up "subroutines".

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)

GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
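
The per-MAC chain with a closing RETURN described in the message above, fed from a list file, as an added example that is not part of the original post. The FORWARD hook, the ACCEPT target, the chain name FROM_HOST, the MAC address and the list entries are all constructed assumptions; the commands are printed for review rather than executed.

```shell
#!/bin/sh
# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix,
# so a list entry can never smuggle extra options or shell syntax into a rule.
valid_dest() {
    octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    printf '%s\n' "$1" |
        grep -Eq "^(${octet}\.){3}${octet}(/(3[0-2]|[12]?[0-9]))?\$"
}

# gen_mac_chain MAC CHAIN LISTFILE
# Prints the iptables commands; pipe the reviewed output to "sh" as root.
gen_mac_chain() {
    mac=$1 chain=$2 list=$3
    printf '%s\n' "$mac" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' ||
        { echo "invalid MAC address: $mac" >&2; return 1; }
    echo "iptables -N $chain"
    # The MAC is compared once here; only matching packets enter the chain.
    echo "iptables -A FORWARD -m mac --mac-source $mac -j $chain"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # drop comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # drop whitespace
        [ -n "$line" ] || continue
        if valid_dest "$line"; then
            echo "iptables -A $chain -d $line -j ACCEPT"
        else
            echo "skipped invalid entry: $line" >&2
        fi
    done < "$list"
    # No destination matched: resume at the rule after the jump in FORWARD.
    echo "iptables -A $chain -j RETURN"
}

# Constructed sample list (documentation address ranges plus two bad entries).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# destinations allowed for this host
192.0.2.10
198.51.100.0/24   # whole subnet
300.1.1.1
203.0.113.7; reboot
EOF
gen_mac_chain 00:11:22:33:44:55 FROM_HOST "$sample"
rm -f "$sample"
```
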