[ale] Easy way to add and delete iptables rules
On 2016-08-26 05:58, Chris Fowler wrote:
>
>
> --------------------------------------------------------------------------------
>
> *From: *"Alex Carver" <agcarver+ale at acarver.net>
> *To: *ale at ale.org
> *Sent: *Thursday, August 25, 2016 11:48:44 PM
> *Subject: *Re: [ale] Easy way to add and delete iptables rules
>
> I would actually do something entirely different and use ipsets and the
> PREROUTING chain.
>
> Set up a new chain:
>
> iptables -N bad_test_scores
> iptables -A bad_test_scores -m set --match-set badtestscores src -j LOG --log-prefix="bad test score:"
> iptables -A bad_test_scores -m set --match-set badtestscores src -j REJECT
> iptables -A PREROUTING -j bad_test_scores
>
>
> I may be missing something
>
> root@debian:/tmp# /tmp/t.sh
> + iptables -N bad_test_scores
> + iptables -A bad_test_scores -m set --match-set badtestscores src -j LOG --log-prefix='bad test score:'
> + iptables -A bad_test_scores -m set --match-set badtestscores src -j REJECT
> + iptables -A PREROUTING -j bad_test_scores
> iptables: No chain/target/match by that name.
Can you be more specific about which of the four commands failed? :)
The overall idea is to just create a permanent chain that is going to point
to an ipset hash table. Then you only edit the ipset hash table and
never touch iptables again.
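
The permanent-chain-plus-ipset approach described above, written out as an added example that is not part of the original messages. It assumes the chain is hooked from INPUT in the filter table (the thread's commands use PREROUTING); the helper names `run`, `setup`, `block`, `unblock`, `valid_ipv4` and the `APPLY` dry-run switch are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Dry-run by default: commands are
# printed (shell quoting is not preserved). APPLY=1 as root executes them.
SET=badtestscores        # set name used in the thread
CHAIN=bad_test_scores    # chain name used in the thread

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# One-time setup. The set is created first because a rule that uses
# "-m set --match-set" cannot be added while the set does not exist.
setup() {
    run ipset create "$SET" hash:ip -exist
    run iptables -N "$CHAIN"
    run iptables -A "$CHAIN" -m set --match-set "$SET" src -j LOG --log-prefix "bad test score: "
    run iptables -A "$CHAIN" -m set --match-set "$SET" src -j REJECT
    # Assumption: jump from INPUT. The filter table has no PREROUTING
    # chain, and REJECT is only valid in chains reached from
    # INPUT, FORWARD or OUTPUT.
    run iptables -A INPUT -j "$CHAIN"
}

# Accept only dotted-quad IPv4 so nothing else reaches the ipset command line.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Day-to-day edits touch only the set; -exist makes both idempotent.
block() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    run ipset add "$SET" "$1" -exist
}
unblock() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    run ipset del "$SET" "$1" -exist
}

case "${1:-}" in
    setup) setup ;;
    block) block "${2:-}" ;;
    unblock) unblock "${2:-}" ;;
esac
```

Run `setup` once, then use only `block ADDRESS` and `unblock ADDRESS`; the iptables rules themselves never change afterwards.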