| Description | Version | Status* | Temporary fix |
|---|---|---|---|
| compilation errors on older kernels or older iptables | 0.1.0 | pending | uncomment `#define HAVE_XT_MATCH_PARAM` in the .c files |

```
# iptables -m privateip -h
[...]
privateip match options:
--private-ip [!]src
--private-ip [!]dst
--private-ip [!]srcOP[!]dst
where OP is one of +,^= (and/or/xor/same)
```

Operator table:

| operator | description | example | example explanation |
|---|---|---|---|
| + | AND | src+!dst | match from (any) private to non-private |
| , | OR | src,dst | match from (any) private or to (any) private |
| ^ | XOR | src^dst | match from (any) private to non-private or from non-private to (any) private (would be equal to: (src+!dst),(!src+dst) but this extension does not support complex syntax) |
| = | (the) SAME (pool) | src=dst | match from private pool to the same private pool (-s 192.168.0.0/16 -d 192.168.0.0/16 or -s 10.0.0.0/8 -d 10.0.0.0/8 or ... – this is not the same as src+dst) |

```
# iptables -A test -m privateip --private-ip dst -j DROP
```

To drop packets from private or to private:

```
# iptables -A test -m privateip --private-ip src,dst -j DROP
```

To count packets from 10.0.0.0/8 to 10.0.0.0/8 or from 172.16.0.0/12 to 172.16.0.0/12 or from 192.168.0.0/16 to 192.168.0.0/16:

```
# iptables -A test -m privateip --private-ip src=dst
```
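
To check what a `--private-ip` expression would match before loading a rule, the operator table above can be modelled in user space. This is an added example, not code from the extension: `matches`, `pool_of` and the sample packets are hypothetical, the pool list is assumed to be only the three ranges named on this page, and negation combined with `=` is rejected because the page does not define it.

```python
import ipaddress
import re

# Assumption: only the three pools the page names; the module's list may be longer.
POOLS = [ipaddress.ip_network(n)
         for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# [!]src | [!]dst | [!]srcOP[!]dst, with OP one of + , ^ =
EXPR = re.compile(r"(!?)(src|dst)(?:([+,^=])(!?)dst)?")


def pool_of(addr):
    """Index of the private pool containing addr, or None if not private."""
    ip = ipaddress.ip_address(addr)
    return next((i for i, net in enumerate(POOLS) if ip in net), None)


def matches(expr, src, dst):
    """Model (hypothetical helper) of --private-ip EXPR for one packet."""
    m = EXPR.fullmatch(expr)
    if not m or (m.group(3) and m.group(2) != "src"):
        raise ValueError(f"unsupported expression: {expr!r}")
    neg1, side, op, neg2 = m.groups()
    ps, pd = pool_of(src), pool_of(dst)
    if op is None:  # single-sided form
        return ((ps if side == "src" else pd) is not None) != bool(neg1)
    if op == "=":
        if neg1 or neg2:  # the page does not define negation with '='
            raise ValueError("negation with '=' is not modelled")
        return ps is not None and ps == pd
    a = (ps is not None) != bool(neg1)
    b = (pd is not None) != bool(neg2)
    return {"+": a and b, ",": a or b, "^": a != b}[op]


# Constructed sample packets (src, dst); not taken from any capture.
PACKETS = [("10.1.2.3", "10.9.9.9"), ("10.1.2.3", "192.168.1.1"),
           ("10.1.2.3", "8.8.8.8"), ("8.8.8.8", "172.16.5.5"),
           ("8.8.8.8", "1.1.1.1")]

if __name__ == "__main__":
    for expr in ("src+dst", "src=dst", "src^dst", "src,dst", "src+!dst"):
        hits = [p for p in PACKETS if matches(expr, *p)]
        print(f"{expr:9} matches {hits}")
```

The second sample packet (10.1.2.3 to 192.168.1.1) is the case that separates `src+dst` from `src=dst`: both ends are private, but they sit in different pools.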
