"NOT" Addresses for matching

[anonymous]

I have a moderately complicated setup with two ADSL routers and four internal networks. I would /like/ to be able to say "any address EXCEPT these". I remember that I could use something like "!192.168.0.0/16" to say "not my subnets".. This is because I have other servers in the DMZs which I want to treat specially, so it'd be nice to say "Any traffic coming in through eth0 (external on 192.168.1.x) EXCEPT traffic originating in one of my local DMZ lans". It's possible with two or more rules, so this is a minor enhancement....