Re: iptables rules : two in one

To: "debian-firewall@lists.debian.org" <debian-firewall@lists.debian.org>
Subject: Re: iptables rules : two in one
From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Date: Sat, 30 Sep 2006 18:55:03 +0200
Message-id: <[🔎] 451EA167.6050503@plouf.fr.eu.org>
In-reply-to: <[🔎] 451E82E7.5070208@yahoo.co.uk>
References: <[🔎] 451E82E7.5070208@yahoo.co.uk>

Hello,

franck a écrit :


I have got some iptables rules suche as :

Code:

        iptables -A OUTPUT -o eth0 -p tcp -d pop.mail.yahoo.co.uk
--dport 110 --sport $UNPRIVPORTS -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT
        iptables -A OUTPUT -o eth0 -p tcp -d pop.1and1.fr --dport 110
--sport $UNPRIVPORTS -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
        iptables -A INPUT -i eth0 -p tcp -s pop.mail.yahoo.co.uk --sport
110 --dport $UNPRIVPORTS -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A INPUT -i eth0 -p tcp -s pop.1and1.fr --sport 110
--dport $UNPRIVPORTS -m state --state ESTABLISHED,RELATED -j ACCEPT

and I would like to put them on only two lines.

Note that pop.1and1.fr resolves into two IP addresses, so the relatediptables commands create two separate rules, one for each IP address.

Is that possible ?


I cannot see any simple way. Maybe with "ipset".
Why is it so important ?

Note : POP3 packets never match the RELATED state, so you can remove it.

Reply to:

Follow-Ups:
- Re: iptables rules : two in one
  - From: franck <joncourt_franck@yahoo.co.uk>

References:
- iptables rules : two in one
  - From: franck <joncourt_franck@yahoo.co.uk>

Prev by Date: iptables rules : two in one
Next by Date: Re: iptables rules : two in one
Previous by thread: iptables rules : two in one
Next by thread: Re: iptables rules : two in one
Index(es):
- Date
- Thread