[NCLUG] Iptables - ip range

Gabriel L. Somlo somlo at acns.colostate.edu
Mon Nov 25 15:05:59 MST 2002 

You could cheat:

First, do these two:

Iptables -A INPUT -S 10.10.10.30 -i eth0 -p tcp --dport 21 -j ACCEPT
Iptables -A INPUT -S 10.10.10.31 -i eth0 -p tcp --dport 21 -j ACCEPT

Then, this rule:

Iptables -A INPUT -S 10.10.10.32/27 -i eth0 -p tcp --dport 21 -j ACCEPT

will select everything from 32 to 63, and you could insert rules to
block 61-63 individually BEFORE this one...



I know, it ain't pretty, but would be definitely faster than
having individual rules for each IP address in the range...


Hope this helps,

Gabriel


On Mon, Nov 25, 2002 at 02:45:19PM -0700, Jesse Courchaine wrote:
> It would be nice if they had that built in.. but unfortunately that does
> not work.
> I think the only option now is have the multiple rules, I'm just not
> sure if it will
> cause a slowdown in my network connections.
> 
> Thanks,
> Jesse
> 
> -----Original Message-----
> From: nclug-admin at nclug.org [mailto:nclug-admin at nclug.org] On Behalf Of
> Michael Dwyer
> Sent: Monday, November 25, 2002 11:05 AM
> To: nclug at nclug.org
> Subject: Re: [NCLUG] Iptables - ip range
> 
> 
> Jesse Courchaine wrote:
> > Hi,
> > 
> > If anyone is knowledgable in iptables, I have a question for you.  I
> > would
> > like to select a range of IP addresses (i.e. 10.10.10.30 -
> 10.10.10.60,
> > not a subnet)
> > Ex.
> > Iptables -A INPUT -S 10.10.10.30 -i eth0 -p tcp --dport 21 -j ACCEPT
> > Iptables -A INPUT -S 10.10.10.31 -i eth0 -p tcp --dport 21 -j ACCEPT
> > Iptables -A INPUT -S 10.10.10.32 -i eth0 -p tcp --dport 21 -j ACCEPT
> 
> I don't see it in the man page, but does a range specification work?
> 
> iptables -A INPUT -S 10.10.10.31:10.10.10.60 -i eth0 -p tcp --dport 21 
> -j ACCEPT
> 
> 
> _______________________________________________
> NCLUG mailing list       NCLUG at nclug.org
> 
> To unsubscribe, subscribe, or modify your settings, go to:
> http://www.nclug.org/mailman/listinfo/nclug
> 
> _______________________________________________
> NCLUG mailing list       NCLUG at nclug.org
> 
> To unsubscribe, subscribe, or modify your settings, go to:
> http://www.nclug.org/mailman/listinfo/nclug

More information about the NCLUG mailing list