iptables - ip filtering
Hi Gentlemen!
I'm trying to write an iptables config file, but I've got stuck. I want to define an IP range that is allowed full eth0-eth1 forwarding, and another range that is only allowed to access some specific IPs. The first part works; I could give the range full access:

    iptables -A FORWARD -m iprange --src-range 192.168.80.20-192.168.80.40 -j ACCEPT
    iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -o eth1 -i eth0 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

But I can't find out how to make the second rule. How could I put specified target IPs in this? I've tried to make a new chain:

    iptables -N ALLOW
    iptables -A FORWARD -m iprange --src-range 192.168.80.40-192.168.80.50 -j ALLOW
    iptables -A ALLOW ...

But from this point there was no syntax I could get to work. (Sorry for my bad English :) ) And thanks for the help!

Another idea, to let the ALLOW chain accept the IP:

    iptables -A ALLOW -s IP -j ACCEPT
    iptables -A ALLOW -j DROP
    iptables -A ALLOW -j FORWARD

Any other idea? :)
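A worked answer to the question above, added here as an example and not taken from the original thread. It generates the whole ruleset in iptables-restore format, which is the usual way to keep an iptables "config file", and restricts the second range with `-d` (destination address) rules in the ALLOW chain. It assumes eth1 is the LAN side and eth0 the uplink (the interface that gets MASQUERADE), and uses placeholder destinations in ALLOW_DST. Two things differ from the rules in the post: the two ranges in the post both include 192.168.80.40 (the first matching FORWARD rule wins, so .40 would get full access), so the example makes the ranges disjoint; and instead of accepting everything that arrives on eth0 bound for eth1, only ESTABLISHED,RELATED replies are let back in. There is no `-j FORWARD` from a user chain: a user chain simply returns to the calling chain when no rule matches, so ALLOW ends with `-j DROP` to make it terminal.

```shell
#!/bin/sh
# Added example, not from the original thread. Generates an iptables-restore
# ruleset for the two-range setup: eth1 is the LAN side, eth0 the uplink
# (where MASQUERADE is applied). Assumptions: 192.168.80.20-.40 gets full
# forwarding, 192.168.80.41-.50 may only reach the hosts in ALLOW_DST, which
# are placeholder addresses.

FULL_RANGE="192.168.80.20-192.168.80.40"
LIMITED_RANGE="192.168.80.41-192.168.80.50"
ALLOW_DST="10.0.0.5 10.0.0.6"     # placeholder "special IPs"

# Print the complete ruleset in iptables-restore format.
gen_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ALLOW - [0:0]
# replies in either direction; this is what lets uplink traffic back in,
# instead of accepting everything that arrives on eth0
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m iprange --src-range $FULL_RANGE -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m iprange --src-range $LIMITED_RANGE -j ALLOW
EOF
    # one rule per permitted destination; -d matches the destination address
    for ip in $ALLOW_DST; do
        printf '%s\n' "-A ALLOW -d $ip -j ACCEPT"
    done
    # a user chain returns to FORWARD when nothing matched, so end it with DROP
    # to make it terminal (there is no -j FORWARD for a built-in chain)
    cat <<EOF
-A ALLOW -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Number of destinations the limited range may reach (sanity check).
count_allow_rules() {
    gen_rules | grep -c '^-A ALLOW -d '
}

# Apply with APPLY=1 ./rules.sh (as root); iptables-restore loads each table
# atomically, unlike a sequence of separate iptables -A calls.
if [ "${APPLY:-0}" = 1 ]; then
    gen_rules | iptables-restore && sysctl -w net.ipv4.ip_forward=1
fi
```

Run the script without APPLY to review the generated ruleset, then with APPLY=1 as root to load it. If the permitted destinations form a contiguous block, a single `-m iprange --dst-range` rule in ALLOW replaces the per-address `-d` rules.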
Hi, why don't you try Firehol (http://firehol.sourceforge.net/)? It has a very easy to use script language. I have one server with a firewall with around 300 iptables rules that in the Firehol script language are 20 lines. Regards