[ale] Easy way to add and delete iptables rules

Alex Carver agcarver+ale at acarver.net
Fri Aug 26 17:03:08 EDT 2016


On 2016-08-26 05:58, Chris Fowler wrote:
> 
> 
> --------------------------------------------------------------------------------
> 
>     *From: *"Alex Carver" <agcarver+ale at acarver.net>
>     *To: *ale at ale.org
>     *Sent: *Thursday, August 25, 2016 11:48:44 PM
>     *Subject: *Re: [ale] Easy way to add and delete iptables rules
> 
>     I would actually do something entirely different and use ipsets and the
>     PREROUTING chain.
> 
>     Set up a new chain:
> 
>     iptables -N bad_test_scores
>     iptables -A bad_test_scores -m set --match-set badtestscores src -j LOG --log-prefix="bad test score:"
>     iptables -A bad_test_scores -m set --match-set badtestscores src -j REJECT
>     iptables -A PREROUTING -j bad_test_scores
> 
> 
> I may be missing something
> 
> root at debian:/tmp# /tmp/t.sh
> + iptables -N bad_test_scores
> + iptables -A bad_test_scores -m set --match-set badtestscores src -j LOG 
> --log-prefix='bad test score:'
> + iptables -A bad_test_scores -m set --match-set badtestscores src -j REJECT
> + iptables -A PREROUTING -j bad_test_scores
> iptables: No chain/target/match by that name.

Can you be more specific about which of the four commands failed? :)

The overall idea is to just create a permanent chain that is going to
point to an ipset hash table.  Then you only edit the ipset hash table
and never touch iptables again.
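
The workflow described above as a script (an added example, not part of the original message): one-time setup of the set and the chain, then block/unblock helpers that only ever touch the ipset. The set and chain names are the thread's; the hash:ip set type, the hook from INPUT in the filter table, the DRY_RUN switch and the address check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. The set and chain names are the thread's;
# the INPUT hook, hash:ip set type and DRY_RUN switch are assumptions.
SET=badtestscores
CHAIN=bad_test_scores

# Print the command when DRY_RUN=1 (default, needs no root); run it when DRY_RUN=0.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# One-time setup. After this, only the set changes, never the rules.
setup() {
    # The set has to exist before a rule can reference it with --match-set.
    run ipset create "$SET" hash:ip -exist
    run iptables -N "$CHAIN"
    run iptables -A "$CHAIN" -m set --match-set "$SET" src -j LOG --log-prefix "bad test score: "
    run iptables -A "$CHAIN" -m set --match-set "$SET" src -j REJECT
    # Assumption: hook from INPUT in the default filter table. That table has
    # no PREROUTING chain, and REJECT is only valid in INPUT, FORWARD and OUTPUT.
    run iptables -I INPUT -j "$CHAIN"
}

# Accept only a dotted-quad IPv4 address with every octet in 0-255.
valid_ip() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Day-to-day changes touch the set only; -exist makes both idempotent.
block()   { valid_ip "$1" || return 2; run ipset add "$SET" "$1" -exist; }
unblock() { valid_ip "$1" || return 2; run ipset del "$SET" "$1" -exist; }

# Usage: script setup | block ADDR | unblock ADDR
case "${1:-}" in
    setup) setup ;;
    block|unblock) "$1" "${2:-}" ;;
esac
```

With DRY_RUN left at its default the script only prints the commands it would run; set DRY_RUN=0 and run it as root to apply them.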


