Answer the question
In order to leave comments, you need to log in
A
A
Artem Sorokin2017-05-30 00:28:44
Artem Sorokin, 2017-05-30 00:28:44
How to properly configure iptables with ipset?
Good afternoon!
I'm trying to figure out how to set up iptables. The task is as follows: a certain IP address of the network should be given access to / from a certain set of IP addresses recorded in one of the ipset sets, and packets to / from other IP addresses should be dropped.
Wrote the following rules:
iptables -I FORWARD 1 -s 192.168.1.35 -m set --match-set MYSET src,dst -j ACCEPT
iptables -I FORWARD 2 -d 192.168.1.35 -m set --match-set MYSET src,dst -j ACCEPT
iptables -I FORWARD 3 -s 192.168.1.35 -j DROP
iptables -I FORWARD 4 -d 192.168.1.35 -j DROPThe result is that all packets from the device are dropped, as if the first two rules do not exist.
Set MYSET is created correctly, checked (ipset -L MYSET).
2 answer(s)
@badmilkman
@krosh
O
Oleg Batalov, 2017-05-30 @badmilkman
Try
iptables -I FORWARD 1 -s 192.168.1.35 -m set --match-set MYSET dst -j ACCEPT
iptables -I FORWARD 2 -d 192.168.1.35 -m set --match-set MYSET src -j ACCEPT
K
krosh, 2017-05-31 @krosh
iptables -I FORWARD 1 -m state --state RELATED,ESTABLISHED -m comment --comment "РАЗРЕШЕНО Установленные соединения" -j ACCEPT
iptables -I FORWARD 2 -s 192.168.1.35 -m set --match-set MYSET dst -m comment --comment "РАЗРЕШЕНО Доступ по списку MYSET" -j ACCEPT
iptables -P FORWARD DROP
Similar questions
I
Ilya Derevyannykh2020-10-07 22:21:50
Is it possible to automatically change prices in Woocommerc?
4Reply
B
H
B
K
Ksyusha2016-05-03 13:25:38
Debian. How to send message from user to user using mail and postfix?
1Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question