[NCLUG] Iptables - ip range
Jesse Courchaine
JCourcha at Colostate.Edu
Mon Nov 25 05:09:12 MST 2002
Hi,

If anyone is knowledgeable in iptables, I have a question for you. I would like to select a range of IP addresses (i.e. 10.10.10.30 - 10.10.10.60, not a subnet) for use in the source of an iptables based firewall. The only way I know how to do this is using a shell for-script to go through each address and add a rule for each one (as opposed to a subnet where only one rule is needed).

Ex.
iptables -A INPUT -s 10.10.10.30 -i eth0 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -s 10.10.10.31 -i eth0 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -s 10.10.10.32 -i eth0 -p tcp --dport 21 -j ACCEPT
...

Does anyone know if there is another way to do this? And if not, will it slow the machine down to have to search through all the ~30 rules?
Thanks,
Jesse