IPTables : How to make file for Multiple Destination Address

Christopher Chan christopher.chan at bradbury.edu.hk
Mon Oct 4 22:10:47 UTC 2010


NoOp wrote:
> On 10/04/2010 06:32 AM, Christopher Chan wrote:
>> Karl Auer wrote:
>>> On Mon, 2010-10-04 at 19:38 +0800, Christopher Chan wrote:
>>>>> What is it possible if I want to make multiple destination address of 
>>>>> these rule above to moved with a list file that created ?
>>>>> If yes, let me know how the rule of this issue ?
>>>> Try combining with ipset.
>>> I'd never heard of ipset. Thanks!
>>>
>> No problem. I would not have heard of it either had it not been a need 
>> to firewall thousands of ips and ip ranges in a previous job I had. 
>> OpenBSD and pf rules!
>>
> 
> Might be worth a read:
> https://launchpad.net/ubuntu/+source/ipset/+bugs
> http://manpages.ubuntu.com/manpages/lucid/man8/ipset.8.html
> 

Not read them links but it has been at least half a decade since ipset 
came out...if it still has outstanding issues then I guess it has to be 
OpenBSD if you need to make rules involving thousands of ip addresses 
and ip ranges.

FreeBSD has had pf ported over from OpenBSD but I wonder how stable and 
good its implementation is...




More information about the ubuntu-users mailing list