* Dynamic chain alternatives
@ 2006-11-20 1:23 Gary W. Smith
2006-11-20 6:55 ` Sven Schuster
0 siblings, 1 reply; 3+ messages in thread
From: Gary W. Smith @ 2006-11-20 1:23 UTC (permalink / raw)
To: netfilter
I have a need to create a dynamic table in that will have random IP's
inserted and deleted on a regular basis. Currently we do this by
creating a chain at load time and on a scheduled basis we flush that
chain and then to a iptables-restore -n < dynamic_rules.txt.
Is there a better approach to doing this?
Gary Wayne Smith
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Dynamic chain alternatives
2006-11-20 1:23 Dynamic chain alternatives Gary W. Smith
@ 2006-11-20 6:55 ` Sven Schuster
2006-11-20 16:21 ` Gary W. Smith
0 siblings, 1 reply; 3+ messages in thread
From: Sven Schuster @ 2006-11-20 6:55 UTC (permalink / raw)
To: Gary W. Smith; +Cc: netfilter
[-- Attachment #1: Type: text/plain, Size: 730 bytes --]
Hi Gary,
On Sun, Nov 19, 2006 at 05:23:53PM -0800, Gary W. Smith told us:
> I have a need to create a dynamic table in that will have random IP's
> inserted and deleted on a regular basis. Currently we do this by
> creating a chain at load time and on a scheduled basis we flush that
> chain and then to a iptables-restore -n < dynamic_rules.txt.
>
> Is there a better approach to doing this?
what about using ipset??
http://www.netfilter.org/projects/ipset/index.html
hope that helps,
Sven
> Gary Wayne Smith
>
--
Linux zion.homelinux.com 2.6.18-1.2849.fc6xen #1 SMP Fri Nov 10 13:56:52 EST 2006 i686 athlon i386 GNU/Linux
07:54:34 up 4 days, 9:12, 1 user, load average: 0.07, 0.13, 0.13
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: Dynamic chain alternatives
2006-11-20 6:55 ` Sven Schuster
@ 2006-11-20 16:21 ` Gary W. Smith
0 siblings, 0 replies; 3+ messages in thread
From: Gary W. Smith @ 2006-11-20 16:21 UTC (permalink / raw)
To: Sven Schuster; +Cc: netfilter
That should work. Thanks.
-----Original Message-----
From: Sven Schuster [mailto:schuster.sven@gmx.de]
Sent: Sunday, November 19, 2006 10:55 PM
To: Gary W. Smith
Cc: netfilter@lists.netfilter.org
Subject: Re: Dynamic chain alternatives
Hi Gary,
On Sun, Nov 19, 2006 at 05:23:53PM -0800, Gary W. Smith told us:
> I have a need to create a dynamic table in that will have random IP's
> inserted and deleted on a regular basis. Currently we do this by
> creating a chain at load time and on a scheduled basis we flush that
> chain and then to a iptables-restore -n < dynamic_rules.txt.
>
> Is there a better approach to doing this?
what about using ipset??
http://www.netfilter.org/projects/ipset/index.html
hope that helps,
Sven
> Gary Wayne Smith
>
--
Linux zion.homelinux.com 2.6.18-1.2849.fc6xen #1 SMP Fri Nov 10 13:56:52
EST 2006 i686 athlon i386 GNU/Linux
07:54:34 up 4 days, 9:12, 1 user, load average: 0.07, 0.13, 0.13
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-11-20 16:21 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-11-20 1:23 Dynamic chain alternatives Gary W. Smith
2006-11-20 6:55 ` Sven Schuster
2006-11-20 16:21 ` Gary W. Smith
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.