Iptables multiple ip nrs block/allow

collen · 09-20-2006, 07:07 AM

Did find some input oin the form about ip range use in iptables
but it's not what i', looking for..

i need to setup a rule to allow 5 differnt ip's with several services...

now i have to enter every ip into a seperate rule..

can i make a chain of differend ip's ??

-current-

iptables -A INPUT -i eth0 -s 192.168.2.8 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -s 192.168.2.98 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -s 192.168.2.201 -p tcp --dport 80 -j ACCEPT

- want to -

CHAINNAME 192.168.2.8
CHAINNAME 192.168.2.98
CHAINNAME 192.168.2.201

iptables -A INPUT -i eth0 -s CHAINNAME -p tcp --dport 80 -j ACCEPT

like making the CHAINNAME a variable orso ??
this is only for port 80, but i need it for other ports as well..

is there a beter way to insert a block of ip's into ip tables ??

Cheers

Collen

Aeiri · 09-21-2006, 10:51 AM

Looking at your IPs, you could just allow the whole network ("192.168.2.0/24"), but you said you didn't want IP ranges.

If this is a bash file you are adding this to, you could write a quick script that does something like:

Code:

iplist="192.168.2.8 192.168.2.98 192.168.2.201"
for ip in $iplist; do iptables -A INPUT -i eth0 -s $ip -p tcp --dport 80 -j ACCEPT

Also, you said multiple services... you can also do multiple ports in one fell swoop using the "multiport" module, like so:

Code:

iptables -A INPUT -i eth0 -s whatever -p tcp -m multiport --dports 17,23,42,80 -j ACCEPT