<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div><br></div><div><br></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><blockquote style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><b>From: </b>"Alex Carver" <agcarver+ale@acarver.net><br><b>To: </b>ale@ale.org<br><b>Sent: </b>Thursday, August 25, 2016 11:48:44 PM<br><b>Subject: </b>Re: [ale] Easy way to add and delete iptables rules<br></blockquote></div><div data-marker="__QUOTED_TEXT__"><blockquote style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;">I would actually do something entirely different and use ipsets and the<br>PREROUTING chain.<br><br>Set up a new chain:<br><br>iptables -N bad_test_scores<br>iptables -A bad_test_scores -m set --match-set badtestscores src -j LOG<br>--log-prefix="bad test score:"<br>iptables -A bad_test_scores -m set --match-set badtestscores src -j REJECT<br>iptables -A PREROUTING -j bad_test_scores</blockquote><div><br></div><div>I may be missing something </div><div><br data-mce-bogus="1"></div><div>root@debian:/tmp# /tmp/t.sh <br>+ iptables -N bad_test_scores<br>+ iptables -A bad_test_scores -m set --match-set badtestscores src -j LOG --log-prefix='bad test score:'<br>+ iptables -A bad_test_scores -m set --match-set badtestscores src -j REJECT<br>+ iptables -A PREROUTING -j bad_test_scores<br>iptables: No chain/target/match by that name.</div><br></div></div></body></html>