bugzilla-daemon at bugzilla.netfilter.org
2011-Mar-16  23:04 UTC
[Bug 667] Rule compression opportunity
http://bugzilla.netfilter.org/show_bug.cgi?id=667
Jozsef Kadlecsik <kadlec at netfilter.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kadlec at netfilter.org
--- Comment #2 from Jozsef Kadlecsik <kadlec at netfilter.org>  2011-03-17 00:04:01 ---
As Jan wrote, you can collect all entries in a set, say "banned", and
then you can use the rules
iptables -A INPUT -m set --match-set banned src -j DROP
iptables -A OUTPUT -m set --match-set banned dst -j DROP
And similarly, in the FORWARD chain.
So with ipset the issue can be solved nicely.
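The set-based approach from comment #2, as an added example that is not part of the bug report or of the netfilter project's code: it turns a ban list into an `ipset restore` script and prints the set-matching rules. It assumes ipset 6 or later syntax (`create ... hash:net`); the function names and the sample addresses are constructed for illustration, and matching both directions in FORWARD is an assumption.

```shell
#!/bin/sh
# Added example (not from the bug report): build the "banned" set from a list.
SET_NAME=banned                      # set name used in comment #2

# Accept dotted-quad IPv4 with an optional /1../32 prefix, octets <= 255.
valid_ipv4() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([1-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr                     # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# stdin: one address or network per line ('#' comments and blanks ignored).
# stdout: an `ipset restore` script; duplicates dropped, bad lines reported.
gen_restore() {
    {
        echo "create $SET_NAME hash:net family inet"
        while IFS= read -r line || [ -n "$line" ]; do
            entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
            [ -z "$entry" ] && continue
            if valid_ipv4 "$entry"; then
                echo "add $SET_NAME $entry"
            else
                echo "skipped invalid entry: $entry" >&2
            fi
        done
    } | awk '!seen[$0]++'
}

# The rules from the comment; FORWARD matching both directions is an assumption.
gen_rules() {
    for spec in "INPUT src" "OUTPUT dst" "FORWARD src" "FORWARD dst"; do
        echo "iptables -A ${spec% *} -m set --match-set $SET_NAME ${spec#* } -j DROP"
    done
}

# Constructed sample list (documentation addresses). As root, load the set with
#   gen_restore < list | ipset restore -exist
# and run the lines printed by gen_rules once.
gen_restore <<'EOF'
192.0.2.10
198.51.100.0/24   # whole network
192.0.2.10
300.1.1.1
EOF
gen_rules
```

The number of iptables rules stays at four however long the list grows; only the set contents change.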