[LEDE-DEV] Adding firewall extensions for xt_geoip usage
Kevin Darbyshire-Bryant
kevin at darbyshire-bryant.me.uk
Sat Dec 9 00:32:09 PST 2017
> On 9 Dec 2017, at 01:15, Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
>
>
> config rule
> option name kaspersky_servers
> option proto tcp
> option dest_port 25
> list src 81.176.69.118
> list src 81.176.230.4
> list src 91.103.66.246
> list src 91.103.66.248
> option target ACCEPT
<snip>
As an aside/afterthought: Did you know dnsmasq can fill in addresses of ipsets for you
--ipset=/<domain>[/<domain>...]/<ipset>[,<ipset>...]
Places the resolved IP addresses of queries for one or more domains in the specified Netfilter IP set. If multiple setnames are given, then the addresses are placed in each of them, subject to the limitations of an IP set (IPv4 addresses cannot be stored in an IPv6 IP set and vice versa). Domains and subdomains are matched in the same way as --address. These IP sets must already exist. See ipset(8) for more details.
Cheers,
Kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.infradead.org/pipermail/lede-dev/attachments/20171209/f82e7388/attachment.sig>
More information about the Lede-dev
mailing list