search for: gw_address

...289.y.y/28 etc... I will have around 100 rules for upload and 100 for download Is there any possibility to use something like: -s 172.17.0.0/16 -d !195.229.x.x/24, !193.289.y.y/28, ... As in to use something like ipset Or, Match the packets by the next-hop address... -m nexthop --next-hop GW_ADDRESS Unfortunately ipset cannot be used for this scenario, and the old nexthop patch was not accepted in the pom tree. Does anybody have an old copy of the nexthop patch (https://lists.netfilter.org/pipermail/netfilter-devel/2003-November/013216. html), or any other idea... Thanks, Mihai