* Defining ip range in a rule
@ 2006-03-20 11:22 McDouglas
2006-03-20 11:44 ` John A. Sullivan III
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: McDouglas @ 2006-03-20 11:22 UTC (permalink / raw)
To: netfilter
Hi,
I'd like to ask how to define an ip address range in a rule. I don't
mean using subnet mask but rather for example making a rule which will
block port 110 for the 10.10.2.50-10.10.2.150 ip range.
Thank you.
--
Respectfully:
Gregorics Tamás
Service Associate
M&M Computer Kft.
7623 Pécs, Mártírok u.42.
Tel.: +36-72/516-511
Fax: +36-72/516-529
Mobil: +36-30-943-6784
e-mail: tamas.gregorics@mmcomputer.hu
http://www.mmcomputer.hu
* Re: Defining ip range in a rule
From: John A. Sullivan III @ 2006-03-20 11:44 UTC (permalink / raw)
To: McDouglas; +Cc: netfilter
On Mon, 2006-03-20 at 12:22 +0100, McDouglas wrote:
> Hi,
>
> I'd like to ask how to define an ip address range in a rule. I don't
> mean using subnet mask but rather for example making a rule which will
> block port 110 for the 10.10.2.50-10.10.2.150 ip range.
>
> Thank you.
The iprange match is in most newer kernels. If it is missing in yours,
you may need to patch. You may also need to check to see if it is
included and activated in your kernel.
The man page will have more information but the syntax is:
iptables -A FORWARD -m iprange --[src|dst]-range x.x.x.x-y.y.y.y
Or at least so I recall. Good luck - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com
If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net
* Re: Defining ip range in a rule
From: Hardik Dalwadi @ 2006-03-20 11:49 UTC (permalink / raw)
To: McDouglas; +Cc: netfilter
Hi McDouglas,
On Monday 20 March 2006 04:52 PM, McDouglas wrote:
> Hi,
>
> I'd like to ask how to define an ip address range in a rule. I don't
> mean using subnet mask but rather for example making a rule which will
> block port 110 for the 10.10.2.50-10.10.2.150 ip range.
If your kernel is compiled with CONFIG_IP_NF_MATCH_IPRANGE=y
then check the example below.
iptables -I PREROUTING -t nat -m iprange --src-range 10.10.2.50-10.10.2.150 \
    -p tcp --dport 80 -j DNAT --to 10.10.2.1:3128
Hardik Dalwadi.
* Re: Defining ip range in a rule
From: Askar Ali @ 2006-03-20 12:48 UTC (permalink / raw)
To: McDouglas; +Cc: netfilter
>
> I'd like to ask how to define an ip address range in a rule. I don't
> mean using subnet mask but rather for example making a rule which will
> block port 110 for the 10.10.2.50-10.10.2.150 ip range.
>
# IpListDelimitedwithSpace is a placeholder: put the addresses here, separated by spaces
for i in IpListDelimitedwithSpace
do
    iptables -A INPUT -p tcp --dport 110 -s "$i" -j DROP
done
Askar.
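Added example, not part of any message in this thread: on a kernel without the iprange match that the first two replies rely on, the same range can be covered by eight CIDR prefixes instead of 101 single-address rules. The script splits 10.10.2.50-10.10.2.150 into the smallest set of aligned prefixes and prints the matching rules without running them; the function names and the default FORWARD chain are assumptions, and inputs are assumed to be plain dotted quads.

```shell
#!/bin/sh
# Added example: cover an arbitrary IPv4 range with the fewest CIDR blocks
# and print one DROP rule per block. Function names are hypothetical.

# Dotted quad -> 32-bit integer; fails unless there are exactly four fields.
ip2int() {
    local IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidrs START END: print the minimal list of prefixes, one per line.
range_to_cidrs() {
    local lo hi size bits
    lo=$(ip2int "$1") || return 1
    hi=$(ip2int "$2") || return 1
    [ "$lo" -le "$hi" ] || return 1
    while [ "$lo" -le "$hi" ]; do
        size=1; bits=32
        # Grow the block while it stays aligned on lo and inside the range.
        while [ "$bits" -gt 0 ] &&
              [ $(( lo % (size * 2) )) -eq 0 ] &&
              [ $(( lo + size * 2 - 1 )) -le "$hi" ]; do
            size=$(( size * 2 )); bits=$(( bits - 1 ))
        done
        echo "$(int2ip "$lo")/$bits"
        lo=$(( lo + size ))
    done
}

# emit_rules START END PORT [CHAIN]: print the iptables commands only.
# The default chain (FORWARD) is an assumption; pick the one your traffic hits.
emit_rules() {
    range_to_cidrs "$1" "$2" | while read -r cidr; do
        echo "iptables -A ${4:-FORWARD} -p tcp --dport $3 -s $cidr -j DROP"
    done
}

# The range and port from the question at the top of the thread.
emit_rules 10.10.2.50 10.10.2.150 110
```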