I have a rule:
# config rule
        option src      lan
        option dest     wan
        option src_ip   192.168.1.150
        option proto    all
        option extra    '-m time --weekdays Sat,Sun,Mon,Tue,Wed,Thu,Fri --timestart 05:00 --timestop 24:00'
        option target   REJECT
Rather than have several similar rules for different IPs, it would be convenient if I could just specify a range of addresses on my LAN.
I tried several variations on things I found in a wiki like:
# config rule
        option src      lan
        option iprange  --src-range 192.168.1.4-192.168.1.50
        option dest     wan
        option proto    icmp
        option target   DROP
But get "parse errors" when restarting iptables with everything I've tried. Obviously I'm in over my head here, just trying to follow examples.
Any help is appreciated,
Bob
On 02/16/2016 09:00 AM, Bob Goodwin wrote:
> I have a rule:
> # config rule
>         option src      lan
>         option dest     wan
>         option src_ip   192.168.1.150
>         option proto    all
>         option extra    '-m time --weekdays Sat,Sun,Mon,Tue,Wed,Thu,Fri --timestart 05:00 --timestop 24:00'
>         option target   REJECT
> Rather than have several similar rules for different IPs, it would be convenient if I could just specify a range of addresses on my LAN.
> I tried several variations on things I found in a wiki like:
> # config rule
>         option src      lan
>         option iprange  --src-range 192.168.1.4-192.168.1.50
>         option dest     wan
>         option proto    icmp
>         option target   DROP
> But get "parse errors" when restarting iptables with everything I've tried. Obviously I'm in over my head here, just trying to follow examples.
> Any help is appreciated,
You need to load the iprange module for the "--src-range" stuff to work, so change that third line to:
option extra '-m iprange --src-range 192.168.1.4-192.168.1.50'
Details are in the iptables-extensions man page.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@alldigital.com -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-  Diplomacy: The art of saying "Nice doggy!" until you can find a   -
-                         big enough rock.                           -
----------------------------------------------------------------------
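Added example (not part of the thread, and not OpenWrt or iptables code): a Python sketch of which LAN hosts the range in the reply above covers, assuming the inclusive first-last matching of the iprange match. The function names are hypothetical; it also lists the CIDR blocks that would be needed to cover the same addresses without a range match.

```python
import ipaddress


def parse_range(spec):
    """Split 'first-last' (the form given to --src-range) into two IPv4 addresses."""
    first, sep, last = spec.partition("-")
    if not sep:
        raise ValueError("expected first-last, got %r" % spec)
    lo = ipaddress.IPv4Address(first.strip())
    hi = ipaddress.IPv4Address(last.strip())
    if lo > hi:
        raise ValueError("range start is above range end: %r" % spec)
    return lo, hi


def in_range(spec, addr):
    """True if addr is inside the range; both end addresses are included."""
    lo, hi = parse_range(spec)
    return lo <= ipaddress.IPv4Address(addr) <= hi


def cidr_blocks(spec):
    """CIDR blocks covering exactly the same addresses as the range."""
    lo, hi = parse_range(spec)
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def extra_option(spec):
    """Build the 'option extra' line from the reply, using a validated range."""
    lo, hi = parse_range(spec)
    return "option extra '-m iprange --src-range %s-%s'" % (lo, hi)


if __name__ == "__main__":
    spec = "192.168.1.4-192.168.1.50"  # range taken from the thread
    print(extra_option(spec))
    print("same hosts as CIDR blocks:", ", ".join(cidr_blocks(spec)))
    # Constructed sample hosts: just outside, both edges, and the
    # single address used in the time-based rule.
    for host in ("192.168.1.3", "192.168.1.4", "192.168.1.50", "192.168.1.150"):
        print(host, "matched" if in_range(spec, host) else "not matched")
```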
On 02/16/2016 09:00 AM, Bob Goodwin wrote:
> But get "parse errors" when restarting iptables with everything I've tried. Obviously I'm in over my head here, just trying to follow examples.
You're probably better off asking these questions on the openwrt forums. The rules you're sharing aren't iptables syntax. I'd imagine they're parsed and compiled to iptables commands, but the rules for doing so, and the accepted syntax will be better understood by people who use that system.
On 02/16/16 13:17, Gordon Messmer wrote:
> On 02/16/2016 09:00 AM, Bob Goodwin wrote:
>> But get "parse errors" when restarting iptables with everything I've tried. Obviously I'm in over my head here, just trying to follow examples.
> You're probably better off asking these questions on the openwrt forums. The rules you're sharing aren't iptables syntax. I'd imagine they're parsed and compiled to iptables commands, but the rules for doing so, and the accepted syntax will be better understood by people who use that system.
Been there, did that, the forum is a dead-end for difficult questions. This mailing list usually gets me pointed in the right direction at the least, more often than not provides an answer.
I've also tried the local user's group, twuug, no response either. I know it's near off topic for this list but openwrt/iptables is protecting four Fedora boxes so I thought I could stretch it ... If Rick Stevens' suggestions don't solve my problem I'll try the openwrt mailing list. I did get a response from them once.
Bob