Hello,
So here is my current problem.
I am trying to filter all traffic on several ports down to a specific range of IP addresses. I have created a chain to do this called "filter" and another to jump to, named "allow", if the rule matches to accept the traffic.
Right now my filter chain looks like this, minus some stuff to let 192.168 in because both my comp and the firewall comp are behind a router for the moment.
iptables -A filter -s 123.123.0.0/255.255.155.0 -j DROP
iptables -A filter -s 123.123.0.0/255.255.105.0 -j allow
iptables -A filter -j DROP
With this I want only 123.123.100.x-123.123.150.x traffic to be accepted.
The idea is to drop all packets below the range minimum, then accept all the surviving packets below the range maximum. Anything left over gets dropped. Unfortunately the range max (2nd) rule doesn't seem to be matching.
I have not tested the first rule, range min, to see if it also doesn't match but commenting it out doesn't help so I'm ignoring it for now.
The IP I am testing it from would be 123.123.107.123.
When I add a rule to allow 123.123.0.0/16 I can get in fine.
I have used this site to determine the values I use in my rules:
http://www.csgnetwork.com/ipinfocalc.html
"iptables -L -v" shows that the packets are getting dropped in the last rule above.
Any ideas as to what may be wrong? Also, any better ways to specify a specific IP range in an iptables rule?
Thanks in advance.
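
Added example, not part of the original post: a Python sketch of how an `-s address/mask` match is evaluated (source AND mask compared with address AND mask), walked over the three posted rules, followed by the contiguous CIDR blocks that cover the wanted range. The function names are made up for this sketch, and the end addresses 123.123.100.0 and 123.123.150.255 are an assumed reading of "100.x-150.x"; `-m iprange --src-range` is the stock iptables match for arbitrary ranges.

```python
import ipaddress

def mask_match(src, net, mask):
    """-s net/mask semantics: AND both sides with the mask, then compare."""
    s, n, m = (int(ipaddress.IPv4Address(x)) for x in (src, net, mask))
    return (s & m) == (n & m)

# The three rules from the post; None means "no -s option" (matches any source).
POSTED = [
    ("123.123.0.0", "255.255.155.0", "DROP"),
    ("123.123.0.0", "255.255.105.0", "allow"),
    (None, None, "DROP"),
]

def first_match(src, rules=POSTED):
    """Target of the first rule that matches src, as the chain is walked in order."""
    for net, mask, target in rules:
        if net is None or mask_match(src, net, mask):
            return target
    return None

def range_to_cidrs(first, last):
    """Smallest list of contiguous-mask networks covering first..last inclusive."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]

def rules_for_range(first, last, chain="filter", target="allow"):
    """One accept rule per CIDR block, then the catch-all DROP."""
    rules = [f"iptables -A {chain} -s {c} -j {target}"
             for c in range_to_cidrs(first, last)]
    return rules + [f"iptables -A {chain} -j DROP"]

if __name__ == "__main__":
    # 105 = 0b01101001 is not a run of leading 1 bits, so the mask selects
    # scattered bits of the third octet instead of an upper bound.
    for src in ("123.123.107.123", "123.123.100.1", "123.123.6.1"):
        print(src, "->", first_match(src))
    print("\n".join(rules_for_range("123.123.100.0", "123.123.150.255")))
    # Single-rule alternative using the iprange match:
    print("iptables -A filter -m iprange "
          "--src-range 123.123.100.0-123.123.150.255 -j allow")
```

With the posted masks, 123.123.107.123 falls through to the final DROP, 123.123.100.1 is dropped by the first rule, and 123.123.6.1, which lies outside the wanted range, reaches "allow".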