how to define a specific range of IPs and/or multiple IPs in an iptables rule?...
how can I define a customized range of IPs (a segment from 192.168.0.0/24) or multiple IPs in a single iptables rule?...
...if possible at all...
like for example if you want to define source ports from 10 to 25 you type "--sport 10:25" or if you want to use multiple ports you type "-m multiport --sport 3,6,7,32"
...and you don't need to type one and the same rule for each port...
I need to do the same thing for IPs...
using the netmask does not work for me, since the ranges I need to define are custom...
if anyone can help me do this in iptables rule or using external script that will export the IPs - the beer is on me... :-)
10x in advance...
It's as simple as:
In this case there's a netfilter patch available... I don't think it passed stable yet, so probably you'll need patch'o'matic: www.netfilter.org
You could also try this (wasn't aware of the patch before I started it)
phew! pure rock'n'roll
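An added example, not the script posted in this thread and not the netfilter patch itself, of the two ways to express a custom range like 192.168.0.15-192.168.0.40: expanding it into one rule per address (what a helper script does) and the single-rule form with the iprange match, which has since been merged into mainline iptables as `-m iprange --src-range` / `--dst-range`. The chain and target names (INPUT, ACCEPT) are assumptions, and the rules are printed rather than applied so they can be reviewed first.

```shell
#!/bin/bash
# Added example (not the script from the thread): expand a custom IPv4 range
# into one iptables rule per address, and print the single-rule iprange form.
# Chain/target defaults (INPUT/ACCEPT) are assumptions; nothing is applied,
# the rules are printed so they can be checked and then piped to sh.

# Dotted quad -> 32-bit integer.
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    local n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Print every address in "first-last" (inclusive), one per line.
# A backwards range is rejected instead of silently producing nothing.
expand_range() {
    local start end i
    start=$(ip2int "${1%-*}")
    end=$(ip2int "${1#*-}")
    if [ "$start" -gt "$end" ]; then
        echo "expand_range: bad range '$1'" >&2
        return 1
    fi
    i=$start
    while [ "$i" -le "$end" ]; do
        int2ip "$i"
        i=$((i + 1))
    done
}

# Per-address rules: one -s per rule, the way an expanding script works.
rules_for_range() {
    local range=$1 chain=${2:-INPUT} target=${3:-ACCEPT} ip
    expand_range "$range" | while read -r ip; do
        echo "iptables -A $chain -s $ip -j $target"
    done
}

# Single-rule form: the iprange match from the netfilter patch is now in
# mainline iptables (-m iprange --src-range / --dst-range).
iprange_rule() {
    local range=$1 chain=${2:-INPUT} target=${3:-ACCEPT}
    echo "iptables -A $chain -m iprange --src-range $range -j $target"
}

# Usage: print both forms for a constructed range; review before applying.
rules_for_range 192.168.0.15-192.168.0.20
iprange_rule    192.168.0.15-192.168.0.20
```

The per-address expansion is what you are stuck with on a kernel without the iprange match; once the match is available, the single rule is both easier to maintain and cheaper to evaluate, because netfilter walks one rule instead of one per host.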
ah, yeah!... :-)
10x for that script - that's about what I meant and it works for me...
as I said - the beer is on me... :-)
No prob, I could use a cold one.
You could make it more useful for multiple ranges by taking an argument to it. That would allow you to replace all times $range1 is used in the function with $*. Then you could use it for multiple ranges; however, you'd still be restricted to one generic ruleset.
255 output messages :)
10x for that too... :-)
it may get in use in future times since now I have a very complicated firewall and with slight exclusions almost every machine or custom range has its own rules, access and restrictions...
how about having multiple IPs but not a range?...
...like for example 192.168.0.15, 192.168.0.31 and 192.168.0.134...
currently in such cases I just have a rule for each machine, but it's slower to maintain when some change in the rule is needed - I have to change it for all the machines...
if I was able to define multiple machines in one rule, when a change is needed I'll have to change only one rule... :-)
I was told something for multiple usage of "-s" or "-d" in the rule, like:
iptables -A INPUT -s 192.168.0.15 -s 192.168.0.31 -s 192.168.0.134 -j ACCEPT
...but I haven't been able to test it yet, so I don't know if it actually works and if there's some impact on the performance of the firewall...
any ideas will be appreciated... :-)
I tried the multiple -s and -d flags and it gave me a message saying it wasn't allowed. The way I currently load specific IPs or ports is by having a separate file, and reading the entries out of there with awk.
Here is a quick example.
the path to the file), and then put it into the variable $i. I put the !/c/ in the awk to stop it from reading rows that contain the letter c in it. Here's an example file
my firewall script, just started learning a few months ago. If anyone else has any other ideas or if there's an easier way I'd love to learn about it.
Sorry about the way firefile looks, it should be straight columns...
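An added example, not the poster's firewall script, of the file-driven approach described in this reply, and of the "several machines in one rule" request from earlier in the thread. Hosts that share a rule live in a plain text file; awk turns the file into rules and skips lines that begin with `#`, so a comment marker rather than a letter match decides what is ignored. The last function emits the hosts as one comma-separated `-s` argument: iptables 1.4 and later accept that form and expand it into one rule per address themselves, so a change is edited in one place. The file layout (host, then port), the temp-file location and the INPUT/ACCEPT chain and target are assumptions.

```shell
#!/bin/bash
# Added example (not the poster's script): build iptables rules from a host
# list kept in a file. Layout "host port" per line and the INPUT/ACCEPT chain
# and target are assumptions; rules are printed, not applied.

# Constructed sample host list, written to a temp file so the example runs
# stand-alone; a real setup would keep it under /etc with the firewall script.
HOSTS=$(mktemp)
trap 'rm -f "$HOSTS"' EXIT
cat > "$HOSTS" <<'EOF'
# host           port     (lines beginning with # are ignored)
192.168.0.15     22
192.168.0.31     22
192.168.0.134    80
# 192.168.0.200  25       disabled for now

EOF

# First column of every line that is neither a comment nor blank.
list_hosts() {
    awk '!/^[ \t]*#/ && NF >= 1 { print $1 }' "$1"
}

# One rule per host/port pair. The skip test is the comment marker, so a host
# or comment containing some particular letter is never dropped by accident.
rules_from_file() {
    awk '!/^[ \t]*#/ && NF >= 2 {
        printf "iptables -A INPUT -s %s -p tcp --dport %s -j ACCEPT\n", $1, $2
    }' "$1"
}

# All hosts in a single -s argument. iptables 1.4+ accepts a comma-separated
# list for -s/-d and expands it into one rule per address when adding with -A
# (and deletes each of them with -D), so the list is maintained in one place.
rule_with_list() {
    echo "iptables -A INPUT -s $(list_hosts "$1" | paste -sd, -) -j ACCEPT"
}

# Usage: review the generated rules, then pipe them to sh to apply.
rules_from_file "$HOSTS"
rule_with_list "$HOSTS"
```

Either way the kernel still ends up with one rule per address, so the gain is in maintenance, not in lookup cost; the comma-separated form just saves writing the loop.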
I'll see if this will work for me...
10x for the help anyway... :-)