LinuxQuestions.org

caps_phisto 09-18-2006 09:25 AM

Blocking IP ranges to the Internet
 
Here is my scenario:

I have set up DHCP on a network with set ranges for valid IPs I want passed out. The range is 192.168.101.75-200.

I have noticed that there are certain people on this network (the network is for Internet access) that have statically given themselves IP addresses outside my predefined ranges.

I would like to block them via IPTables so that they cannot get anywhere with their addresses.

Would the following command via IPTables work:
Code:

iptables -A INPUT -s 192.168.101/26 -j DROP

I think that line would drop any packets coming in from 192.168.101.[192-255]. Am I correct in assuming that?

Also what would be the rule to drop traffic from IPs below 75 (except my gateway which is on 192.168.101.1)?

Thanks in advance

caps_phisto 09-18-2006 10:19 AM

Found the answer; here is the correct IPTables syntax:

Code:

iptables -A INPUT -m iprange --src-range 192.168.101.200-192.168.101.254 -j DROP

That would drop access from 192.168.1.200-255.
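
Added example, not part of the original posts: a script that generates the iprange DROP rules for every host address outside the DHCP pool in the question (192.168.101.75-200, treating .200 as part of the pool) while skipping the gateway 192.168.101.1. It assumes a /24 network; the function names and the NET_FIRST/NET_LAST values are hypothetical, and the chain is a parameter because traffic routed through the box to the Internet traverses FORWARD rather than INPUT.

```shell
#!/bin/sh
# Values from the thread: DHCP pool 192.168.101.75-200, gateway 192.168.101.1.
# Assumption: the LAN is a /24, so host addresses run from .1 to .254.
POOL_START=192.168.101.75
POOL_END=192.168.101.200
GATEWAY=192.168.101.1
NET_FIRST=192.168.101.1     # assumed first host address
NET_LAST=192.168.101.254    # assumed last host address

ip2int() {   # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int2ip() {   # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# drop_range CHAIN LO HI: print a DROP rule for the integer range LO..HI,
# splitting the range around the gateway so the gateway is never matched.
drop_range() {
    gw=$(ip2int "$GATEWAY")
    [ "$2" -le "$3" ] || return 0          # empty range, nothing to emit
    if [ "$gw" -ge "$2" ] && [ "$gw" -le "$3" ]; then
        drop_range "$1" "$2" "$((gw - 1))"
        drop_range "$1" "$((gw + 1))" "$3"
        return 0
    fi
    echo "iptables -A $1 -m iprange --src-range $(int2ip "$2")-$(int2ip "$3") -j DROP"
}

# emit_rules CHAIN: DROP rules for the addresses below and above the pool.
emit_rules() {
    drop_range "$1" "$(ip2int "$NET_FIRST")" "$(( $(ip2int "$POOL_START") - 1 ))"
    drop_range "$1" "$(( $(ip2int "$POOL_END") + 1 ))" "$(ip2int "$NET_LAST")"
}

# Print only; review the output before running it as root.
emit_rules INPUT
```

The script only prints the commands, so the generated ranges can be checked against the DHCP configuration before anything is loaded into the firewall.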

