Old 10-04-2010, 09:24 AM
Anggi Lesmana
 
IPTables : How to make file for Multiple Destination Address

Dear Ubunters,



I would like to make a simple (not long) rule for my iptables configuration. There is an example below.



-A FORWARD -p tcp -m multiport --dports 119,5000:5200,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 98.137.132.14/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 64.14.68.75/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 206.190.60.37/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 68.180.206.184/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 64.14.68.75/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 64.14.68.75/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 64.14.68.75/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 64.14.68.75/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 98.137.132.14/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 98.137.132.14/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 98.137.132.14/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 98.136.112.81/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 124.108.120.31/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT
-A FORWARD -d 68.180.190.124/32 -p tcp -m multiport --dports 80:82,443,5000:5050,5150,5101,1638,8000:8002 -m mac --mac-source 00:1F:C6:86:B7:A0 -m comment --comment "ULLA" -j ACCEPT



Is it possible to move the multiple destination addresses of the rules above into a list file that I create?

If yes, let me know how to write the rule for this.



Thanks.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 10-04-2010, 10:44 AM
Karl Auer
 
IPTables : How to make file for Multiple Destination Address

On Mon, 2010-10-04 at 16:24 +0700, Anggi Lesmana wrote:
> What is it possible if I want to make multiple destination address of
> these rule above to moved with a list file that created ?

Look at the ipt_recent module for iptables. It's in the man page. You
can set up a list of IP addresses which are loaded when iptables starts,
then refer to the list by name in your rules. You can have multiple
lists with different names, so you can have various lists for different
purposes.

I have not used ipt_recent myself, so cannot comment on its reliability
or performance or anything else, but it looks like what you need.

In general you can optimise a list of rules by finding commonality
between them, and setting up separate tables ("chains") to handle that
commonality.

For example, the MAC address is common to your sample rules, so you
might set up a table for that MAC address and jump to it. Then it only
needs a single comparison. A rule can end in RETURN, which transfers
control back to the next rule in the calling table, so you can set up
"subroutines".

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/kauer/ +61-428-957160 (mob)

GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
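As an added example (not posted by either participant), the following POSIX shell script combines Karl's "chain as subroutine" suggestion with Anggi's list-file request: it reads destination addresses from a plain-text file and emits an iptables-restore fragment in which the MAC address is compared once in FORWARD and each listed destination gets one rule in a user-defined chain. The chain name ULLA_DST, the list-file format and the function names are this example's own assumptions; the MAC address, ports and destinations come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): a FORWARD "subroutine" chain that
# checks the MAC address once, then matches each destination read from a
# plain-text list file. Output is iptables-restore format, so it can be
# reviewed before loading:   sh gen.sh | iptables-restore -n
# Assumptions: chain name ULLA_DST and the list-file format (one IP or CIDR
# per line, '#' comments allowed) are this example's own conventions.

MAC="00:1F:C6:86:B7:A0"                               # from the thread
PORTS="80:82,443,5000:5050,5150,5101,1638,8000:8002"  # from the thread
CHAIN="ULLA_DST"

# gen_rules LISTFILE -> prints an iptables-restore fragment on stdout
gen_rules() {
    listfile="$1"
    printf '%s\n' '*filter' ":$CHAIN - [0:0]"
    # One MAC comparison in FORWARD; everything else happens in the chain.
    printf '%s\n' "-A FORWARD -p tcp -m mac --mac-source $MAC -j $CHAIN"
    # One rule per listed address; the list file is the only thing that changes.
    grep -v '^[[:space:]]*#' "$listfile" | grep -v '^[[:space:]]*$' |
    while read -r dst rest || [ -n "$dst" ]; do
        printf '%s\n' "-A $CHAIN -d $dst -p tcp -m multiport --dports $PORTS -m comment --comment \"ULLA\" -j ACCEPT"
    done
    # Fall through: a destination not in the list returns to FORWARD's next rule.
    printf '%s\n' "-A $CHAIN -j RETURN" 'COMMIT'
}

# count_accepts LISTFILE -> number of ACCEPT rules the list would produce
count_accepts() {
    gen_rules "$1" | grep -c -e '-j ACCEPT'
}

# Constructed sample list: the thread's destination addresses, deduplicated.
SAMPLE="${TMPDIR:-/tmp}/ulla_dst.$$"
cat > "$SAMPLE" <<'EOF'
# ULLA destinations, one per line
98.137.132.14
64.14.68.75
206.190.60.37
68.180.206.184
98.136.112.81
124.108.120.31
68.180.190.124
EOF

# Stand-alone run: print the fragment for review before loading it.
gen_rules "$SAMPLE"
```

Editing the list file and re-running the script is the only maintenance step; the deduplicated list also removes the repeated rules in the original post, which otherwise cost a comparison each without changing the result.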