Thanks!
Yes, I plan to document!
And I’ll document the ipset / ASN version. I used location → ipset → iptables match-set.
The location package makes this VERY easy!
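```bash
ASN=16509
# Export the IPv4 networks of the AS in ipset restore format
location list-networks-by-as --format=ipset --family=ipv4 ${ASN} > "/etc/ipset/AS${ASN}.ipset"
# Load the set from the exported file
ipset restore < "/etc/ipset/AS${ASN}.ipset"
```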
and the above feeds this…
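```bash
# Dedicated chain in the nat table
iptables -t nat -N BYPASS
# Send port 80 TCP traffic from this one client to the BYPASS chain
iptables -t nat -A CUSTOMPREROUTING -s 192.168.60.218/32 -p tcp -m tcp --dport 80 -j BYPASS
# ACCEPT traffic whose destination is in the AS set
iptables -t nat -A BYPASS -m set --match-set "AS${ASN}v?" dst -j ACCEPT
```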
EDIT : updated code blocks
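Added example, not part of the original post: a check that can run between the `location` export and `ipset restore`, so that only a well-formed single-set file is loaded, and that reports the set name for `--match-set`. The function names, the assumed file layout (one `create NAME hash:net ...` line, optional `flush NAME`, then `add NAME network` lines) and the sample data in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: validate an ipset restore file before loading it.
# Assumed layout (constructed, not taken from the post), e.g.:
#   create AS64496v4 hash:net family inet hashsize 1024 maxelem 65536
#   add AS64496v4 192.0.2.0/24

# Prints the set name and returns 0 only if every line belongs to one
# hash:net set and every added entry is a valid IPv4 address or network.
ipset_file_setname() {
    awk '
        BEGIN { re = "^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9]+)?$" }
        /^[ \t]*$/ { next }                      # ignore blank lines
        $1 == "create" && name == "" && $3 == "hash:net" { name = $2; next }
        ($1 == "flush" || $1 == "add") && name != "" && $2 == name {
            if ($1 == "flush") next
            ok = ($3 ~ re)
            n = split($3, p, "[./]")
            for (i = 1; ok && i <= 4; i++) if (p[i] + 0 > 255) ok = 0
            if (ok && n == 5 && p[5] + 0 > 32) ok = 0
            if (ok) { count++; next }
        }
        # Anything else: second create, other command, foreign set, bad network
        { printf "rejected line %d: %s\n", NR, $0 > "/dev/stderr"; err = 1; exit }
        END { if (err || count == 0) exit 1; print name }
    ' "$1"
}

# Hypothetical wrapper: load the file only when it passes the check.
# -exist keeps a re-run from failing on a set or entry that already exists.
load_as_set() {
    set_name=$(ipset_file_setname "$1") || return 1
    ipset restore -exist < "$1" && printf '%s\n' "$set_name"
}
```

The name printed by `ipset_file_setname` is the one to pass, quoted, to `--match-set`.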