iptables and IP range ban on a specific adapter
Hey everybody,
I'm trying to make a ban script with iptables but I'm not having much luck right now. What exactly I'm trying to do is to ban a range of IPs on an adapter. Let's say I want to drop all connections from 192.168.1.10 to 192.168.1.20. How should I do that? I thought that
Code:
local="eth0"
Could you enlighten me what's the correct command? Thanks in advance, alpha_hack
from 'man iptables'
Quote:
Quote:
As in the example of man - 192.168.1.0/24 would be equal to 192.168.1.1-192.168.1.255.
Quote:
Now you may well think that 192.168.1.10-192.168.1.20 ought to work and just be an alias for the /24 form, but the evidence seems to be that it isn't recognised.
Quote:
I think I didn't make myself clear in my previous post. I was just trying to make a comparison between /24 and --src-range so you'd get better what I'm trying to do. I want to be able to drop only a certain IP range. Therefore I should be using "--src-range", which is used for an IP address range -> "192.168.1.10-192.168.1.20". But my problem comes from the network adapter. I want to be able to ban that range on a certain network adapter. If you try this code:
Code:
IPTABLES="/usr/sbin/iptables"
Maybe this is not the right approach but I just can't think of anything else that would do the same thing. If I use the CIDR notation I'd be banning a subnet of 254 / 252 / 248 / 240 / 224 / 192 / 128 or 256 hosts. Depending on that you'd enter /24, /25 or etc. I don't need to ban a subnet. I need to ban a range of IPs on a network adapter. Does anybody know how to do that?
Thanks for the help.
I've managed to get what I needed. If you are trying to do something like me this is the way you should go:
Code:
IPTABLES='/usr/sbin/iptables'
Code:
Chain INPUT (policy DROP 3 packets, 217 bytes)
Hopefully I helped you. :P More info at http://iptables-tutorial.frozentux.n...-tutorial.html :)
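Added example, not part of the thread and not any poster's code: a shell sketch that validates its input and prints (without applying) the rule for the thread's scenario, a source range dropped on one adapter with the iprange match that provides --src-range, plus the same range split into exact CIDR blocks. The function names are hypothetical; eth0, the INPUT chain and the DROP target are assumed from the discussion above.

```shell
# Added example: print (not run) iptables DROP rules for an IPv4 source range on one interface.

# ip_to_int A.B.C.D: print the address as an integer, or return 1 if malformed.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros (octal), max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# parse_args IFACE START END: validate, then set $s and $e to the range bounds.
parse_args() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac   # refuse shell metacharacters
    s=$(ip_to_int "$2") && e=$(ip_to_int "$3") && [ "$s" -le "$e" ]
}

# One rule: the iprange match module provides --src-range; -i pins the adapter.
iprange_rule() {
    parse_args "$@" || return 1
    echo "iptables -A INPUT -i $1 -m iprange --src-range $2-$3 -j DROP"
}

# Same range as the minimal set of CIDR blocks, for setups without iprange.
cidr_rules() {
    parse_args "$@" || return 1
    while [ "$s" -le "$e" ]; do
        bits=0   # host bits of the block starting at $s
        # Grow the block while it stays aligned on $s and inside the range.
        while [ "$bits" -lt 32 ] &&
              [ $(( s & ((1 << (bits + 1)) - 1) )) -eq 0 ] &&
              [ $(( s + (1 << (bits + 1)) - 1 )) -le "$e" ]; do
            bits=$((bits + 1))
        done
        echo "iptables -A INPUT -i $1 -s $(int_to_ip "$s")/$((32 - bits)) -j DROP"
        s=$(( s + (1 << bits) ))
    done
}

iprange_rule eth0 192.168.1.10 192.168.1.20
cidr_rules eth0 192.168.1.10 192.168.1.20
```

The CIDR form needs four rules (/31, /30, /30, /32) to cover exactly .10 through .20, which is why a single prefix cannot express this ban.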