how to specify IP not equal to in iptables rules ????

Gregory Hosler ghosler at redhat.com
Thu Jul 14 13:08:57 UTC 2011


On 07/14/2011 08:48 PM, Jatin K wrote:
> Dear All Gurus,
> 
> I want to deny a particular IP (172.16.158.111) address in my network to 
> FTP on server (RHEL6), I'm trying to add the following[1][2] iptables 
> rules on server  and getting error [3]
> 
> 
>   [1] iptables -A INPUT -s! 172.16.158.111 -p tcp --dport 21 -j DROP
>   [2] iptables -A INPUT -s! 172.16.158.111 -p tcp --dport 20 -j DROP
> 
> [3]  Using intrapositioned negation (`--option ! this`) is deprecated in 
> favor of extrapositioned (`! --option this`).
> 
> 
> if I try following [4]  it throws error like " bash: !172: event not 
> found " (I think it tries to recall a command from history ..may be not 
> sure )
> 
> [4] iptables -A INPUT -s !172.16.158.111 -p tcp --dport 21 -j DROP
> 
> 
> So how to go ...??? and any one guide to the right direction ????? how 
> do I add a rule  like IP or the PORTs is not equal to ?

Like [4], but escape the !

	iptables -A INPUT -s \!172.16.158.111 -p tcp --dport 21 -j DROP
or 	iptables -A INPUT -s "!172.16.158.111" -p tcp --dport 21 -j DROP

*should* work (both untested).

Be that as it may, if you are trying to single out 172.16.158.111 and drop that
address, then you really don't want the negation...

All the best,

-Greg

> Warm Regards
> 
>    °v°
>   /(_)\
>    ^ ^  Jatin Khatri
> Registered Linux user No #501175
> www.counter.li.org
> No M$
> 


-- 
+---------------------------------------------------------------------+

Please also check the log file at "/dev/null" for additional information.
                (from /var/log/Xorg.setup.log)

| Greg Hosler                                   ghosler at redhat.com    |
+---------------------------------------------------------------------+
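
An added example, not part of the original message: a shell helper that rewrites the negated forms from the question (intrapositioned as in [1], glued as in [4]) into the extrapositioned `! -s ADDR` form that warning [3] asks for, and flags that a negated source match with `-j DROP` drops every source except the listed address. The function names `normalize_rule` and `negates_source` are hypothetical, and the script only prints rules; it does not call iptables.

```shell
#!/bin/sh
# Added example (not from the thread): rewrite negated iptables matches into
# the extrapositioned form `! --option value`. Prints rules only; it never
# runs iptables. Function names are hypothetical.

# normalize_rule WORD...  -> rule text with `! -s ADDR` style negation
normalize_rule() {
    out=""
    while [ $# -gt 0 ]; do
        case "$1" in
        -s|-d|--source|--destination|--sport|--dport)
            case "${2-}" in
            '!')        # intrapositioned: -s ! ADDR (deprecated, warning [3])
                [ $# -ge 3 ] || { echo "no value after $1 !" >&2; return 1; }
                out="$out ! $1 $3"; shift 3; continue ;;
            '!'?*)      # glued: -s !ADDR (form [4])
                out="$out ! $1 ${2#?}"; shift 2; continue ;;
            esac ;;
        esac
        out="$out $1"; shift
    done
    printf '%s\n' "${out# }"
}

# Succeeds when the rule matches every source EXCEPT the given address.
negates_source() {
    case " $(normalize_rule "$@") " in
        *" ! -s "*|*" ! --source "*) return 0 ;;
    esac
    return 1
}

# The negated rules from the question, as already-split words. The `!` is
# single-quoted so an interactive bash does not attempt history expansion.
normalize_rule -A INPUT -s '!' 172.16.158.111 -p tcp --dport 21 -j DROP
normalize_rule -A INPUT -s '!172.16.158.111' -p tcp --dport 21 -j DROP

if negates_source -A INPUT -s '!172.16.158.111' -p tcp --dport 21 -j DROP; then
    echo "note: this drops FTP from every source except 172.16.158.111"
    echo "to block only that host: -A INPUT -s 172.16.158.111 -p tcp --dport 21 -j DROP"
fi
```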

