Re: [suse-security] iptables wildcard for IP Addresses?

[Markus Feilner <lists@xxxxxxxxxxxxxx>]

Am Mittwoch, 11. Mai 2005 14:14 schrieb Martin Köhling:
> Hi!
>
> > I want to enable several (ten) hosts to access my VPN. I am using
> > SuSEfirewall and I have custom iptables rules in SuSEfirewall2-custom.
> > Now i want to add one rule for all these hosts. I know that "!" is the
> > wildcard for "any host but the following".
> > How can I add an iptables rule affecting Source IPs from e.g. 1.1.1.10 to
> > 1.1.1.20?
> > I've been looking, but i didn't ind something.
>
> You might try the "iprange" packet matching module (-m iprange); it's not
> domcumented in the man page, but "iptables -m iprange --help" prints the
> following (at the end):
>
> iprange match v1.2.9 options:
> [!] --src-range ip-ip        Match source IP in the specified range
> [!] --dst-range ip-ip        Match destination IP in the specified range
>
> So you should be able to use something like:
>
> iptables -A INPUT -m iprange --src-range 1.1.1.10-1.1.1.20 -j ACCEPT
>
> This is present in SuSE 9.1, but apparently not in earlier versions.
>
> Martin
Cool. 
This is exactly what i was looking for. And it works.
-- 
mit freundlichen Grüssen,
Markus Feilner
--
Feilner IT Linux & GIS 
Linux Solutions, Training, Seminare und Workshops - auch Inhouse
Beraiterweg 4 93047 Regensburg
fon +49 941 9465243 fax +49 941 9465244 mobil + +49 170 3027092 
mail mfeilner@xxxxxxxxxxxxxx web http://www.feilner-it.net

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here