From: Adrian Hobbs <Adrian.G.Hobbs@uts.edu.au>
To: netfilter@lists.samba.org
Subject: How do you specify an odd group of hosts?
Date: Thu, 16 May 2002 09:12:56 +1000
Message-ID: <7cc8c8300a.8300a7cc8c@uts.edu.au>
I am wondering what is the best way to specify an odd group of hosts. For
example, I want to allow management hosts access to 192.168.0.5. The
management hosts are 192.168.1.4, 192.168.1.12, 192.168.1.96.
As far as I can tell from the iptables docs you can only specify groups by
netmask according to the following extract from the packet filtering
HOWTO:
*******************************************************
The third and fourth ways allow specification of a group of IP addresses,
such as `199.95.207.0/24' or `199.95.207.0/255.255.255.0'. These both
specify any IP address from 199.95.207.0 to 199.95.207.255 inclusive; the
digits after the `/' tell which parts of the IP address are significant. `/32' or
`/255.255.255.255' is the default (match all of the IP address). To specify
any IP address at all `/0' can be used, like so:
*******************************************************
This will not work with odd hosts such as the management hosts above.
Should I create a management chain where I list all the management hosts
and accept the packet if it matches a management host and use this chain
as the target?
e.g.:
# create the user-defined chain first, otherwise the -j MNG_HOST jump is rejected
iptables -N MNG_HOST
iptables -A FORWARD -p tcp -d 192.168.0.5 --dport 22 -j MNG_HOST
iptables -A MNG_HOST -s 192.168.1.4 -j ACCEPT
iptables -A MNG_HOST -s 192.168.1.12 -j ACCEPT
iptables -A MNG_HOST -s 192.168.1.96 -j ACCEPT
# DENY was an ipchains target; the iptables equivalent is DROP
iptables -A MNG_HOST -j DROP
I think this could be a little cumbersome when dealing with large numbers
of hosts. Maybe a comma separated list of source hosts would be good,
or a way to group.
Adrian.
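A small rule generator along the lines of the comma-separated list suggested above, added here as an example (it is not from Adrian's post or from the netfilter project): it validates each address, then prints the chain, the jump from FORWARD and a final DROP so the result can be reviewed before it is applied. The chain name MNG_HOST and the addresses are the post's; the function names are assumed.

```shell
#!/bin/sh
# Generate an iptables management-host chain from a comma-separated host list.
# Rules are printed, not applied, so they can be reviewed before touching the
# live ruleset (e.g. pipe the output into sh once it looks right).

# valid_ipv4 ADDR -> exit 0 if ADDR is a dotted quad with every octet 0-255
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_mng_chain CHAIN DEST PORT HOST1,HOST2,... -> prints the rules, or
# fails (exit 1) on the first malformed address so no partial chain is used
gen_mng_chain() {
    chain=$1; dest=$2; port=$3; hosts=$4
    echo "iptables -N $chain"
    echo "iptables -A FORWARD -p tcp -d $dest --dport $port -j $chain"
    old_ifs=$IFS; IFS=,
    set -- $hosts
    IFS=$old_ifs
    for h in "$@"; do
        valid_ipv4 "$h" || { echo "bad address: $h" >&2; return 1; }
        echo "iptables -A $chain -s $h -j ACCEPT"
    done
    # default for anything that reached the chain but matched no host
    echo "iptables -A $chain -j DROP"
}

# Demo with the hosts from the post (constructed invocation)
gen_mng_chain MNG_HOST 192.168.0.5 22 192.168.1.4,192.168.1.12,192.168.1.96
```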