Re: Policy Accept + Allow Multiple IP's

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Rudi Starcevic <tech@wildcash.com>
To: netfilter@lists.netfilter.org
Subject: Re: Policy Accept + Allow Multiple IP's
Date: Mon, 15 Nov 2004 17:19:07 -0800	[thread overview]
Message-ID: <4199558B.6080006@wildcash.com> (raw)
In-Reply-To: <99fb0588041114231136b9056e@mail.gmail.com>

Thanks Paul,

Was hoping for a simple solution and well please to know I can do it 
both ways.

Many thanks
Best regards Rudi

Paul Annesley wrote:

>---------- Forwarded message ----------
>From: Paul Annesley <paul.annesley@gmail.com>
>Date: Mon, 15 Nov 2004 18:05:17 +1100
>Subject: Re: Policy Accept + Allow Multiple IP's
>To: Rudi Starcevic <tech@wildcash.com>
>
>
>On Mon, 15 Nov 2004 16:51:57 -0800, Rudi Starcevic <tech@wildcash.com> wrote:
>
>
>  
>
>>Hi,
>>
>>I have an Iptables firewall with a default policy of accept.
>>
>>I want to allow only certain IP's ssh access.
>>
>>So far I have this rule which allows 1 ip:
>>
>>iptables -A INPUT -p tcp --dport 22 -s ! xxx.xxx.xxx.xxx -j DROP
>>
>>I'm not sure how to list more that 1 allowable IP.
>>
>>This is a production box I've inherited so I'm hoping to work with I already
>>have but may need to look at changing the default policy to drop or
>>something.
>>    
>>
>
>Perhaps you should look at making the policy DROP and allowing
>specific traffic..
>However what you're after can be done with two rules.. something like;
>
>iptables -A INPUT -p tcp --dport 22 -s x.x.x.x -j ACCEPT
>iptables -A INPUT -p tcp --dport 22 -j DROP
>
>  
>
>>Please advise, many thanks.
>>Regards Rudi
>>
>>
>>    
>>
>
>
>
>  
>

next prev parent reply	other threads:[~2004-11-16  1:19 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-11-16  0:51 Policy Accept + Allow Multiple IP's Rudi Starcevic
     [not found] ` <99fb058804111423054365bd85@mail.gmail.com>
2004-11-15  7:11   ` Paul Annesley
2004-11-16  1:19     ` Rudi Starcevic [this message]
2004-11-15 12:07       ` John A. Sullivan III

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4199558B.6080006@wildcash.com \
    --to=tech@wildcash.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.