Quote:
Originally Posted by Net_Spy
I've small issue with blocking local clients. I mean I've webserver that I want to allow limited number to clients to that let say I've 10 users from 10.5.1.1-10 I would like to block 1-9 and allow only last client to access that webserver .
Ive tried the following
Code:
iptables -A -p tcp -i eth1 -d 10.1.1.14 -s ! 10.5.1.10 -j REJECT
iptables -A INPUT -p tcp -d 10.1.1.14 -i eth1 -s ! 10.5.1.10 -j DROP
|
To allow packets to 10.1.1.14 from 10.5.1.10, while denying those from 10.5.1.1-9 you could do a:
Code:
iptables -I INPUT -i eth1 -d 10.1.1.14 -m iprange --src-range 10.5.1.1-10.5.1.9 -j REJECT
iptables -I INPUT -i eth1 -d 10.1.1.14 -s 10.5.1.10 -j ACCEPT
What happens to packets with other source IPs will depend on your INPUT policy (or any other rules).
To allow packets to 10.1.1.14 from 10.5.1.10, while denying all others you could do a:
Code:
iptables -I INPUT -i eth1 -d 10.1.1.14 -s ! 10.5.1.10 -j DROP
This would work regardless of the INPUT policy or any other rules.
Keep in mind that this kind of thing depends on the local clients never being able to change their IPs.
