I’m trying to create an iptables entry to redirect a list of IPs to another port.
Using ipset I can set up and add lists of IPs and reject them with this command:
iptables -t nat -A INPUT -p tcp -m tcp -m set -j REJECT --reject-with icmp-port-unreachable --match-set myipsetlist src
I have also found that this command to route ports works:
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
My question: is there any way to combine the two?
Preroute 80 to 8080 if the IP is in the ipset?
If not with iptables, is there another way I could do this?
Of course you can do that. Try adding the obvious:
-m set --match-set myipsetlist src
to your rule, which will then become:
-A PREROUTING -p tcp -m tcp --dport 80 -m set --match-set myipsetlist src -j REDIRECT --to-ports 8080
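Added example, not part of the original answer: a shell sketch that validates a list of addresses and emits the `ipset restore` input plus an `iptables-restore` fragment containing the combined rule, so both can be reviewed before loading. The set name and ports are the ones from the thread; the function names and the sample addresses (documentation ranges) are assumptions made for this example.

```shell
#!/bin/sh
# Emits (does not apply) the ipset and nat-table lines for the combined rule.

# Accept only dotted-quad IPv4 with each octet 0-255, so a typo or stray
# token never reaches `ipset restore`.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print `ipset restore` input: create the set, then one add per address.
# All addresses are checked first, so a bad entry emits nothing at all.
ipset_lines() {
    set_name=$1; shift
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "create $set_name hash:ip family inet"
    for ip in "$@"; do echo "add $set_name $ip"; done
}

# Print an iptables-restore fragment. REDIRECT is a nat-table target, and
# PREROUTING only sees packets arriving from the network, not locally
# generated ones.
nat_lines() {
    set_name=$1 from_port=$2 to_port=$3
    echo "*nat"
    printf '%s\n' "-A PREROUTING -p tcp -m tcp --dport $from_port -m set --match-set $set_name src -j REDIRECT --to-ports $to_port"
    echo "COMMIT"
}

# Preview with constructed sample addresses. To apply as root:
#   ipset_lines ... | ipset restore
#   nat_lines ...   | iptables-restore --noflush
ipset_lines myipsetlist 192.0.2.10 198.51.100.7
nat_lines myipsetlist 80 8080
```

The set must exist before the rule is loaded, because iptables refuses a `--match-set` rule that names a missing set.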
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.