iptables address range
Rick Stevens
ricks at alldigital.com
Tue Feb 16 17:36:42 UTC 2016
On 02/16/2016 09:00 AM, Bob Goodwin wrote:
>
> I have a rule:
>
> # config rule
> option src lan
> option dest wan
> option src_ip 192.168.1.150
> option proto all
> option extra '-m time --weekdays Sat,Sun,Mon,Tue,Wed,Thu,Fri
> --timestart 05:00 --timestop 24:00'
> option target REJECT
>
> Rather than have several similar rules for different ip's it would be
> convenient if I could just specify a range of addresses on my LAN.
>
> I tried several variations on things I found in a wiki like:
>
> # config rule
> option src lan
> option iprange --src-range 192.168.1.4-192.168.1.50
> option dest wan
> option proto icmp
> option target DROP
>
> But get "parse errors" when restarting iptables with everything I've
> tried. Obviously I'm in over my head here, just trying to follow examples.
>
> Any help is appreciated,

You need to load the iprange module for the "--src-range" stuff to work,
so change that third line to:

    option extra '-m iprange --src-range 192.168.1.4-192.168.1.50'

Details are in the iptables-extensions man page.

----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks at alldigital.com -
- AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 -
- -
- Diplomacy: The art of saying "Nice doggy!" until you can find a -
- big enough rock. -
----------------------------------------------------------------------
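
Added example, not part of the original thread: a Python script that checks which LAN hosts a "--src-range" value such as the one in the reply covers before it goes into the rule, and lists the CIDR blocks that would be needed to express the same span without the iprange match. The function names are hypothetical; only the range and the "option extra" line come from the message.

```python
import ipaddress


def parse_src_range(spec):
    """Parse 'START-END' as given to '-m iprange --src-range'."""
    first_s, sep, last_s = spec.partition("-")
    if not sep:
        raise ValueError("expected START-END, got %r" % spec)
    first = ipaddress.ip_address(first_s.strip())
    last = ipaddress.ip_address(last_s.strip())
    if first.version != last.version:
        raise ValueError("range mixes IPv4 and IPv6")
    if first > last:
        # Sanity check in this helper: a reversed range is almost always a typo.
        raise ValueError("range start is above range end")
    return first, last


def in_range(spec, addr):
    """True if addr falls inside the inclusive range described by spec."""
    first, last = parse_src_range(spec)
    ip = ipaddress.ip_address(addr)
    return ip.version == first.version and first <= ip <= last


def cidr_equivalent(spec):
    """CIDR blocks that together cover exactly the same addresses."""
    first, last = parse_src_range(spec)
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


def extra_option(spec):
    """Build the config line from the reply for a validated range."""
    first, last = parse_src_range(spec)
    return "option extra '-m iprange --src-range %s-%s'" % (first, last)


if __name__ == "__main__":
    rng = "192.168.1.4-192.168.1.50"  # range from the message
    print(extra_option(rng))
    # Constructed sample hosts: one inside the range, one outside it.
    for host in ("192.168.1.25", "192.168.1.150"):
        print(host, "matches" if in_range(rng, host) else "does not match")
    # Six separate CIDR blocks would be needed without iprange.
    print(cidr_equivalent(rng))
```

The CIDR list shows why a single range match is simpler here: the same span needs six separate prefix-based rules.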