Pascal Hambourg wrote:
> franck wrote:
> [merge rules]
>> It is not that important, I just wondered whether it was possible or
>> not. My file would have been easier to read, that is it.
>
> If you want a file easier to read, my advice is that you group rules
> which have common matches into user-defined chains. For instance:
>
> iptables -N pop3_out_request
> iptables -A OUTPUT -o eth0 -p tcp --dport 110 --sport $UNPRIVPORTS \
>   -m state --state NEW,ESTABLISHED -j pop3_out_request
> iptables -A pop3_out_request -d pop.mail.yahoo.co.uk -j ACCEPT
> iptables -A pop3_out_request -d pop.1and1.fr -j ACCEPT
>
> iptables -N pop3_in_reply
> iptables -A INPUT -i eth0 -p tcp --sport 110 --dport $UNPRIVPORTS \
>   -m state --state ESTABLISHED -j pop3_in_reply
> iptables -A pop3_in_reply -s pop.mail.yahoo.co.uk -j ACCEPT
> iptables -A pop3_in_reply -s pop.1and1.fr -j ACCEPT
>
> It does not make fewer rules, but simpler rules.

Great. I have already seen this before, but I should say, I have never used it.
Now, I know how useful it can be.

-- 
Franck Joncourt
http://www.debian.org
http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
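
The chain-per-service pattern from the quoted message, generalized to any TCP service and host list, as an added example that is not part of the original thread. The helper name gen_service_chains, the eth0 default and the 1024:65535 value for UNPRIVPORTS are assumptions; the script only prints the commands so they can be reviewed before being applied.

```sh
#!/bin/sh
# Added example (not from the thread): print, rather than run, the iptables
# commands for one pair of user-defined chains per service.
# gen_service_chains is a hypothetical helper; the eth0 default and the
# 1024:65535 value for UNPRIVPORTS are assumptions.
UNPRIVPORTS="${UNPRIVPORTS:-1024:65535}"
IFACE="${IFACE:-eth0}"

# usage: gen_service_chains NAME PORT HOST...
gen_service_chains() {
    name=$1; port=$2
    [ "$#" -ge 3 ] || { echo "usage: gen_service_chains NAME PORT HOST..." >&2; return 1; }
    shift 2
    # The output is meant to be fed to a shell, so reject anything that is
    # not a plain chain name, port number or host/address.
    case $name in ''|*[!A-Za-z0-9_]*) echo "bad chain name: $name" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    for h in "$@"; do
        case $h in ''|-*|*[!A-Za-z0-9.:/-]*) echo "bad host: $h" >&2; return 1 ;; esac
    done
    chain_out="${name}_out_request"
    chain_in="${name}_in_reply"

    # Common matches live once, in the rule that jumps to the chain...
    echo "iptables -N $chain_out"
    echo "iptables -A OUTPUT -o $IFACE -p tcp --dport $port --sport $UNPRIVPORTS -m state --state NEW,ESTABLISHED -j $chain_out"
    # ...and each chain holds only the per-host difference.
    for h in "$@"; do echo "iptables -A $chain_out -d $h -j ACCEPT"; done

    echo "iptables -N $chain_in"
    echo "iptables -A INPUT -i $IFACE -p tcp --sport $port --dport $UNPRIVPORTS -m state --state ESTABLISHED -j $chain_in"
    for h in "$@"; do echo "iptables -A $chain_in -s $h -j ACCEPT"; done
}

# The two POP3 servers from the message above.
gen_service_chains pop3 110 pop.mail.yahoo.co.uk pop.1and1.fr
```

iptables resolves a host name once, when the rule is added, and inserts one rule per address returned, so the chains have to be rebuilt when a provider's addresses change.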

