* User defined chains to reduce/make more readable
From: Walter H. @ 2017-07-26 8:03 UTC (permalink / raw)
To: netfilter
Hello,

I define this chain:

-N RESTRICT-HOST
-A RESTRICT-HOST -p icmp -j ACCEPT
-A RESTRICT-HOST -p udp --dport 123 -j ACCEPT
-A RESTRICT-HOST -p udp --sport 32769:65535 --dport 33434:33523 -j ACCEPT
-A RESTRICT-HOST -j LOG --log-prefix "xxx: " --log-level 7
-A RESTRICT-HOST -j REJECT

and would use it like this:

-A FORWARD -i eth0 -o eth1 -s 192.168.1.1 -j RESTRICT-HOST
-A FORWARD -i eth0 -o eth1 -s 192.168.11.11 -j RESTRICT-HOST
-A FORWARD -i eth0 -o eth1 -s 192.168.111.111 -j RESTRICT-HOST

where eth0 is the LAN port and eth1 the WAN port of the router

is there a possibility where I can change these rules similar to these:

-A FORWARD -i eth0 -o eth1 -s 192.168.1.1 -j RESTRICT-HOST "game-pc: "
-A FORWARD -i eth0 -o eth1 -s 192.168.11.11 -j RESTRICT-HOST "office-pc: "
-A FORWARD -i eth0 -o eth1 -s 192.168.111.111 -j RESTRICT-HOST "tablet-pc: "

and a rule in the chain takes "game-pc: " instead of this "xxx: " as given
above?

Thanks,
Walter
* Re: User defined chains to reduce/make more readable
From: /dev/rob0 @ 2017-07-26 16:22 UTC (permalink / raw)
To: netfilter

On Wed, Jul 26, 2017 at 10:03:22AM +0200, Walter H. wrote:
> I define this chain:
>
> -N RESTRICT-HOST

(For iptables-restore(8) the user chains are in the chain subsection
just under the built-in chains.)

> -A RESTRICT-HOST -p icmp -j ACCEPT
> -A RESTRICT-HOST -p udp --dport 123 -j ACCEPT
> -A RESTRICT-HOST -p udp --sport 32769:65535 --dport 33434:33523 -j ACCEPT
> -A RESTRICT-HOST -j LOG --log-prefix "xxx: " --log-level 7
> -A RESTRICT-HOST -j REJECT
>
> and would use it like this:
>
> -A FORWARD -i eth0 -o eth1 -s 192.168.1.1 -j RESTRICT-HOST
> -A FORWARD -i eth0 -o eth1 -s 192.168.11.11 -j RESTRICT-HOST
> -A FORWARD -i eth0 -o eth1 -s 192.168.111.111 -j RESTRICT-HOST
>
> where eth0 is the LAN port and eth1 the WAN port of the router
>
> is there a possibility where I can change these rules similar to these:
>
> -A FORWARD -i eth0 -o eth1 -s 192.168.1.1 -j RESTRICT-HOST "game-pc: "
> -A FORWARD -i eth0 -o eth1 -s 192.168.11.11 -j RESTRICT-HOST "office-pc: "
> -A FORWARD -i eth0 -o eth1 -s 192.168.111.111 -j RESTRICT-HOST "tablet-pc: "
>
> and a rule in the chain takes "game-pc: " instead of this "xxx: "
> as given above?

That would be a cool feature, to basically set a variable in a rule
and [possibly] subsequently use it in a LOG or other rule later.

AFAIK that feature does not exist. (Yet? :) )
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
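
Added example (not written by either poster): since a chain cannot take a prefix as an argument, one way to get a per-host prefix is to generate the rules. The shared chain keeps only the ACCEPT rules, unmatched packets return to FORWARD, and the LOG and REJECT rules follow each jump there. The names gen_rules and HOSTS are hypothetical; the addresses and labels are the ones from the thread.

```shell
#!/bin/sh
# Emits an iptables-restore fragment with one LOG prefix per host.
# A packet that matches no rule in RESTRICT-HOST falls off the end of the
# chain and returns to FORWARD, where the per-host LOG and REJECT follow.

# Constructed sample table: "source-address label", one host per line.
HOSTS='192.168.1.1 game-pc
192.168.11.11 office-pc
192.168.111.111 tablet-pc'

gen_rules() {
    # Reads "address label" lines on stdin, writes filter-table rules.
    printf '%s\n' '*filter' ':RESTRICT-HOST - [0:0]'
    printf '%s\n' \
        '-A RESTRICT-HOST -p icmp -j ACCEPT' \
        '-A RESTRICT-HOST -p udp --dport 123 -j ACCEPT' \
        '-A RESTRICT-HOST -p udp --sport 32769:65535 --dport 33434:33523 -j ACCEPT'
    while read -r addr label; do
        [ -n "$addr" ] || continue
        prefix="$label: "
        # Refuse labels that could break out of the quoted prefix or
        # smuggle extra options into the generated rule.
        case $label in
            ''|*[!A-Za-z0-9_-]*) echo "bad label: $label" >&2; return 1 ;;
        esac
        case $addr in
            *[!0-9./]*) echo "bad address: $addr" >&2; return 1 ;;
        esac
        # The LOG target accepts a prefix of at most 29 characters.
        [ "${#prefix}" -le 29 ] || { echo "prefix too long: $label" >&2; return 1; }
        match="-A FORWARD -i eth0 -o eth1 -s $addr"
        printf '%s\n' "$match -j RESTRICT-HOST"
        printf '%s\n' "$match -j LOG --log-prefix \"$prefix\" --log-level 7"
        printf '%s\n' "$match -j REJECT"
    done
    printf '%s\n' 'COMMIT'
}

# Print the fragment; check it with iptables-restore --test before loading.
printf '%s\n' "$HOSTS" | gen_rules
```

Loaded without --noflush, iptables-restore replaces the whole filter table, so merge the output into the full ruleset rather than loading it on its own.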