I'm going to build a connection load balancer, which will select a route depending on the last bits of the destination address. It means I need a rule which will work as a reversed CIDR. Is there any extension to iptables which will have such functionality?
1 Answer
2
The --dst filter allows you to specify the netmask in dotted decimal notation (i.e. without the CIDR numeric prefix length shorthand). Here's a rule that will log all packets that go to a host with a destination address ending in 127:
iptables -I FORWARD --dst 0.0.0.127/0.0.0.255 -j LOG

Jan Böcker
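An added example, not part of the original answer: it generalizes the address/mask rule above to one rule per bucket of the low-order destination bits, and reproduces the match test so a bucket assignment can be checked before any rule is loaded. The function names, the mangle/PREROUTING placement and the MARK values (bucket + 1) are assumptions of this example; the rules are only printed, never applied.

```shell
#!/bin/sh
# Added example (assumed names and chain placement, see lead-in).

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# The comparison an address/mask match performs: (dst & mask) == (value & mask).
# Usage: dst_matches ADDR VALUE/MASK
dst_matches() {
    dst=$(ip_to_int "$1")
    value=$(ip_to_int "${2%/*}")
    mask=$(ip_to_int "${2#*/}")
    [ $(( dst & mask )) -eq $(( value & mask )) ]
}

# Bucket number (0 .. 2^BITS - 1) for a destination. Usage: bucket_of ADDR BITS
bucket_of() {
    addr=$(ip_to_int "$1")
    low=$(( (1 << $2) - 1 ))
    echo $(( addr & low ))
}

# Print one MARK rule per bucket of the low BITS bits of the last octet.
# Mark 0 means "unmarked", so bucket N gets mark N + 1 (assumption).
gen_rules() {
    bits=$1
    if [ "$bits" -lt 1 ] || [ "$bits" -gt 8 ]; then
        echo "bits must be 1..8" >&2; return 1
    fi
    mask=$(( (1 << bits) - 1 ))
    bucket=0
    while [ "$bucket" -le "$mask" ]; do
        echo "iptables -t mangle -A PREROUTING --dst $(int_to_ip "$bucket")/$(int_to_ip "$mask") -j MARK --set-mark $(( bucket + 1 ))"
        bucket=$(( bucket + 1 ))
    done
}

gen_rules 2   # prints four rules, for masks 0.0.0.0/0.0.0.3 .. 0.0.0.3/0.0.0.3
```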