LinuxQuestions.org
Old 01-30-2007, 03:07 AM   #1
LinuxGeek
Member
 
Registered: Jun 2002
Posts: 302

Rep: Reputation: 31
iptables and groups of ips


Hi,
I was wondering if there's any way that I can specify IPs and not a range in an iptables rule. I'm aware of the iprange module, but that only helps if the IPs are a range. Below is an example of what I'm trying to do:

These 3 are in a group:

172.16.0.1
172.16.0.9
172.16.0.90

What I'm trying to do is: iptables -A INPUT -p tcp -s 172.16.0.1,172.16.0.9,172.16.0.90 -j DROP

Any ideas? Thanks for your help.
 
Old 01-30-2007, 08:23 PM   #2
IBall
Senior Member
 
Registered: Nov 2003
Location: Perth, Western Australia
Distribution: Ubuntu, Debian, Various using VMWare
Posts: 2,088

Rep: Reputation: 62
You could just put each IP address as a separate rule.

Code:
iptables -A INPUT -p tcp -s 172.16.0.1 -j DROP
iptables -A INPUT -p tcp -s 172.16.0.9 -j DROP
iptables -A INPUT -p tcp -s 172.16.0.90 -j DROP
I hope this helps
--Ian
 
Old 01-30-2007, 09:06 PM   #3
CrEsPo
Member
 
Registered: Apr 2005
Location: Canada
Distribution: Slackware 12
Posts: 184

Rep: Reputation: 30
You could also create a chain.

Code:
iptables -N bannedIPs # create a new chain
# add your custom rules
iptables -A bannedIPs -p tcp -s 172.16.0.1 -j DROP
iptables -A bannedIPs -p tcp -s 172.16.0.9 -j DROP
iptables -A bannedIPs -p tcp -s 172.16.0.90 -j DROP
iptables -A INPUT -j bannedIPs # add the chain to the INPUT
Anything after # is a comment.
 
Old 01-31-2007, 02:42 AM   #4
LinuxGeek
Member
 
Registered: Jun 2002
Posts: 302

Original Poster
Rep: Reputation: 31
Thanks. I currently do what CrEsPo suggested, which is to create a separate chain for the IPs and then set the rules there, but I was wondering if there was anything like iprange but for non-sequential IPs. Thanks.
 
Old 02-01-2007, 01:51 AM   #5
javaroast
Member
 
Registered: Apr 2005
Posts: 131

Rep: Reputation: 19
I run it as a bash script using variables:

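# space-separated list of source addresses to drop
bannedIPs="192.168.1.1 192.168.1.4 192.168.1.7"

for bip in $bannedIPs
do
    # one DROP rule per address, using the loop variable as the source
    iptables -A INPUT -p tcp -s "$bip" -j DROP
done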
 
Old 02-01-2007, 01:52 AM   #6
javaroast
Member
 
Registered: Apr 2005
Posts: 131

Rep: Reputation: 19
I run it as a bash script using variables:

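# space-separated list of source addresses to drop
bannedIPs="192.168.1.1 192.168.1.4 192.168.1.7"

for bip in $bannedIPs
do
    # one DROP rule per address, using the loop variable as the source
    iptables -A INPUT -p tcp -s "$bip" -j DROP
done

This allows me to easily add new IPs to the list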
 
Old 02-01-2007, 04:26 PM   #7
LinuxGeek
Member
 
Registered: Jun 2002
Posts: 302

Original Poster
Rep: Reputation: 31
javaroast, thanks for the suggestion.
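
Added example, not part of any post in this thread: a POSIX shell sketch that combines the dedicated chain from post #3 with the list-driven loop from post #6. The function names `valid_ipv4` and `build_ruleset`, the decision to reject the whole list when any entry is malformed, and the use of `iptables-restore --noflush` input are assumptions of this example.

```shell
#!/bin/sh
# Rebuild a dedicated block chain from a list of non-sequential IPv4 addresses.

# Accept only dotted-quad IPv4, so a typo or a hostname never reaches iptables.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets (only digits and dots remain here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print iptables-restore input for chain $1 holding one DROP rule per address.
# Nothing is printed if any address is invalid, so a bad list is never half-loaded.
build_ruleset() {
    chain=$1; shift
    for ip in "$@"; do
        if ! valid_ipv4 "$ip"; then
            echo "refusing list, invalid address: $ip" >&2
            return 1
        fi
    done
    echo "*filter"
    echo ":$chain - [0:0]"   # with --noflush this creates the chain or empties it
    for ip in "$@"; do
        echo "-A $chain -p tcp -s $ip -j DROP"
    done
    echo "COMMIT"
}

# Constructed sample: the three addresses from the original question.
banned="172.16.0.1 172.16.0.9 172.16.0.90"
build_ruleset bannedIPs $banned

# To load it as root (not run here):
#   build_ruleset bannedIPs $banned | iptables-restore --noflush
#   iptables -C INPUT -j bannedIPs 2>/dev/null || iptables -A INPUT -j bannedIPs
```

Loading through `iptables-restore --noflush` replaces the chain's contents in one commit and leaves other chains alone, so re-running after editing the list does not pile up duplicate rules the way repeated `iptables -A` calls do.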
 
  

