iptables: How to specify multiple address

I have to MARK the packets which originates from 10.1.1.0/24 but NOT to
the destinations 192.168.1.0/24 and 172.16.1.0/24.

iptables -t mangle -A PREROUTING -s 10.1.1.0/24 -d ! 192.168.1.0/24 and
! 172.16.1.0/24 -j MARK --set-mark 0x4

Of course the above does not work.
How to specify two different subnet destinations with iptables?

(E-Mail Removed) wrote:
> I have to MARK the packets which originates from 10.1.1.0/24 but NOT to
> the destinations 192.168.1.0/24 and 172.16.1.0/24.
>
> iptables -t mangle -A PREROUTING -s 10.1.1.0/24 -d ! 192.168.1.0/24 and
> ! 172.16.1.0/24 -j MARK --set-mark 0x4
>
> Of course the above does not work.
> How to specify two different subnet destinations with iptables?

Jy mark the one range eg. 10.1.1.0/24. Thats it.

iptables -t mangle -A PREROUTING -s 10.1.1.0/24 -j MARK --set-mark 0x4

It will then only mark 10.1.1.0/24... I Think.

I don't really know what you are doing as I have never before needed to
use the mangle tables.

Hi -

On 10 Jul 2006 02:16:20 -0700, (E-Mail Removed) wrote:

>I have to MARK the packets which originates from 10.1.1.0/24 but NOT to
>the destinations 192.168.1.0/24 and 172.16.1.0/24.
>
>iptables -t mangle -A PREROUTING -s 10.1.1.0/24 -d ! 192.168.1.0/24 and
>! 172.16.1.0/24 -j MARK --set-mark 0x4
>
>Of course the above does not work.
>How to specify two different subnet destinations with iptables?

The simplest way that comes to mind is to have -s 10.1.1.0/24 jump to
user chain.

In the user chain if -d 192.168.1.0/24 RETURN, if -d 172.16.1.0/24
RETURN, set the mark.

--
Ken
http://www.kensims.net/