
Re: [suse-security] iptables wildcard for IP Addresses?



Hi!

> I want to enable several (ten) hosts to access my VPN. I am using SuSEfirewall 
> and I have custom iptables rules in SuSEfirewall2-custom.
> Now I want to add one rule for all these hosts. I know that "!" is the 
> wildcard for "any host but the following".
> How can I add an iptables rule affecting Source IPs from e.g. 1.1.1.10 to 
> 1.1.1.20? 
> I've been looking, but I didn't find something.

You might try the "iprange" packet matching module (-m iprange); it's not
documented in the man page, but "iptables -m iprange --help" prints the
following (at the end):

iprange match v1.2.9 options:
[!] --src-range ip-ip        Match source IP in the specified range
[!] --dst-range ip-ip        Match destination IP in the specified range

So you should be able to use something like:

iptables -A INPUT -m iprange --src-range 1.1.1.10-1.1.1.20 -j ACCEPT

This is present in SuSE 9.1, but apparently not in earlier versions.

Martin
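
Where the iprange match is not available (the reply notes it is apparently missing before SuSE 9.1), the same source range can be covered with ordinary "-s" CIDR rules. The script below is an added example, not part of the original post: it generalizes to any inclusive IPv4 range, only prints the rules rather than applying them, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: cover an inclusive IPv4 range with the fewest CIDR blocks so
# plain "-s" rules can stand in for "-m iprange". Function names are hypothetical.
# Assumes dotted quads written without leading zeros (no octal-looking octets).

# Dotted quad -> integer. Runs in a subshell so the IFS change stays local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print one CIDR block per line covering first..last exactly.
range_to_cidrs() (
    start=$(ip2int "$1")
    end=$(ip2int "$2")
    if [ "$start" -gt "$end" ]; then
        echo "range start is above range end" >&2
        exit 1
    fi
    while [ "$start" -le "$end" ]; do
        size=1
        prefix=32
        # Grow the block while it stays aligned on $start and inside the range.
        while [ "$prefix" -gt 0 ] &&
              [ $(( start % (size * 2) )) -eq 0 ] &&
              [ $(( start + size * 2 - 1 )) -le "$end" ]; do
            size=$(( size * 2 ))
            prefix=$(( prefix - 1 ))
        done
        echo "$(int2ip "$start")/$prefix"
        start=$(( start + size ))
    done
)

# Print (do not apply) one ACCEPT rule per block, mirroring the rule in the post.
emit_rules() {
    range_to_cidrs "$1" "$2" | while read -r cidr; do
        echo "iptables -A INPUT -s $cidr -j ACCEPT"
    done
}

emit_rules 1.1.1.10 1.1.1.20   # the range from the question
```

Each address from 1.1.1.10 through 1.1.1.20 falls in exactly one printed block, and no address outside the range is admitted.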
