I currently have one IP Set containing all the source addresses whitelisted for access to my web server. It's working great and looks like this:
config ipset
option name 'allowed_ips'
option match 'src_net'
option storage 'hash'
option enabled '1'
list entry '54.168.100.1/32'
list entry '123.200.100.2/32'
config redirect
option name 'web_server'
option src 'wan'
option ipset 'allowed_ips'
option dest_port '80'
option src_dport '80'
option target 'DNAT'
option dest_ip '192.168.1.10'
option dest 'lan'
list proto 'tcp'
But because I have a need to label each source IP, I need each IP to be in its own IP Set like this:
config ipset
option name 'allowed_ip_1'
option match 'src_net'
option storage 'hash'
option enabled '1'
list entry '54.168.100.1/32'
config ipset
option name 'allowed_ip_2'
option match 'src_net'
option storage 'hash'
option enabled '1'
list entry '123.200.100.2/32'
The problem is how to assign these multiple IP Sets to a redirect rule, I tried this:
config redirect
option name 'web_server'
option src 'wan'
option ipset 'allowed_ip_1'
option ipset 'allowed_ip_2'
and this:
config redirect
option name 'web_server'
option src 'wan'
option ipset 'allowed_ip_1,allowed_ip_2'
and this:
config redirect
option name 'web_server'
option src 'wan'
option ipset 'allowed_ip_1', 'allowed_ip_2'
and this
config redirect
option name 'web_server'
option src 'wan'
option ipset "'allowed_ip_1', 'allowed_ip_2'"
but none worked. I am not sure this is even supported but wanted to check before writing it off. Thank you.