how to specify IP not equal to in iptables rules ????
Gregory Hosler
ghosler at redhat.com
Thu Jul 14 13:08:57 UTC 2011
On 07/14/2011 08:48 PM, Jatin K wrote:
> Dear All Gurus,
>
> I want to deny a particular IP (172.16.158.111) address in my network to
> FTP on server (RHEL6), I'm trying to add the following[1][2] iptables
> rules on server and getting error [3]
>
>
> [1] iptables -A INPUT -s! 172.16.158.111 -p tcp --dport 21 -j DROP
> [2] iptables -A INPUT -s! 172.16.158.111 -p tcp --dport 20 -j DROP
>
> [3] Using intrapositioned negation (`--option ! this`) is deprecated in
> favor of extrapositioned (`! --option this`).
>
>
> if I try following [4] it throws error like " bash: !172: event not
> found " (I think it tries to recall a command from history ..may be not
> sure )
>
> [4] iptables -A INPUT -s !172.16.158.111 -p tcp --dport 21 -j DROP
>
>
> So how to go ...??? and any one guide to the right direction ????? how
> do I add a rule like IP or the PORTs is not equal to ?
Like [4], but escape the !
iptables -A INPUT -s \!172.16.158.111 -p tcp --dport 21 -j DROP
or iptables -A INPUT -s "!172.16.158.111" -p tcp --dport 21 -j DROP
*should* work (both untested).
Be that as it may, if you are trying to single out 172.16.158.111 and drop that
address, then you really don't want the negation...
All the best,
-Greg
> Warm Regards
>
> °v°
> /(_)\
> ^ ^ Jatin Khatri
> Registered Linux user No #501175
> www.counter.li.org
> No M$
>
--
+---------------------------------------------------------------------+
Please also check the log file at "/dev/null" for additional information.
(from /var/log/Xorg.setup.log)
| Greg Hosler ghosler at redhat.com |
+---------------------------------------------------------------------+
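
The two intents in this thread, written in the extrapositioned `! -s` form that warning [3] asks for, as an added example that is not part of either poster's message. The helper names valid_ipv4 and ftp_rule are hypothetical; the script only prints the iptables command lines and applies nothing.

```shell
#!/bin/sh
# Added example: prints iptables command lines for review, applies nothing.

# Hypothetical helper: accept only a dotted-quad IPv4 address, octets 0-255.
# The function body is a subshell "( ... )" so the IFS change does not leak.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # rejects e.g. "!172.16.158.111"
    esac
    IFS=.
    set -- $1                                  # split the address on dots
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# ftp_rule MODE IP PORT
#   block      -> drop traffic FROM that address (no negation involved)
#   allow-only -> drop traffic from every address EXCEPT that one
# The "!" is its own word in front of -s. Because a space follows it,
# interactive bash does not attempt history expansion on it.
ftp_rule() (
    mode=$1 ip=$2 port=$3
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    case $mode in
        block)      echo "iptables -A INPUT -s $ip -p tcp --dport $port -j DROP" ;;
        allow-only) echo "iptables -A INPUT ! -s $ip -p tcp --dport $port -j DROP" ;;
        *)          echo "unknown mode: $mode" >&2; return 2 ;;
    esac
)

# Constructed usage with the address and ports from the thread.
for port in 21 20; do
    ftp_rule block 172.16.158.111 "$port"
done
```

The allow-only mode drops FTP from every source other than the named address, so it belongs only where that is the intent.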