how to specify IP not equal to in iptables rules ????

Tom H tomh0665 at gmail.com
Thu Jul 14 14:03:06 UTC 2011


On Thu, Jul 14, 2011 at 8:48 AM, Jatin K <ssh.fedora at gmail.com> wrote:
>
> I want to deny a particular IP (172.16.158.111) address in my network to
> FTP on server (RHEL6), I'm trying to add the following[1][2] iptables
> rules on server and getting error [3]
>
>  [1] iptables -A INPUT -s! 172.16.158.111 -p tcp --dport 21 -j DROP
>  [2] iptables -A INPUT -s! 172.16.158.111 -p tcp --dport 20 -j DROP
>
> [3]  Using intrapositioned negation (`--option ! this`) is deprecated in
> favor of extrapositioned (`! --option this`).
>
> [4] iptables -A INPUT -s !172.16.158.111 -p tcp --dport 21 -j DROP

Without any "!" should do it because you'll be telling iptables to
drop connections from that IP.
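
The effect of the negation, as an added example that is not part of the original thread: a small Python model (not iptables itself) of first-match rule evaluation, comparing the rule without "!" against the extrapositioned `! -s` form named in the warning. `Rule`, `verdict` and the sample packets are constructed for illustration, and a default ACCEPT policy on the INPUT chain is assumed.

```python
# Added illustration: a minimal model of how iptables evaluates "-s" with and
# without "!" for the FTP rules discussed in this thread. Not iptables itself.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

BLOCKED = "172.16.158.111"  # address from the original question


@dataclass
class Rule:
    src: str        # value given to -s
    negate: bool    # True models "! -s <src>"
    dport: int      # value given to --dport (protocol assumed tcp)
    target: str     # e.g. "DROP"

    def matches(self, pkt_src: str, pkt_dport: int) -> bool:
        in_net = ip_address(pkt_src) in ip_network(self.src, strict=False)
        # "!" inverts only the source test; the port test is unaffected.
        return (in_net != self.negate) and pkt_dport == self.dport


def verdict(chain, pkt_src, pkt_dport, policy="ACCEPT"):
    """First matching rule wins; otherwise the chain policy applies
    (ACCEPT is an assumption about the server's INPUT policy)."""
    for rule in chain:
        if rule.matches(pkt_src, pkt_dport):
            return rule.target
    return policy


# iptables -A INPUT -s 172.16.158.111 -p tcp --dport 21 -j DROP  (and 20)
plain = [Rule(BLOCKED, False, p, "DROP") for p in (21, 20)]
# iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP  (and 20)
negated = [Rule(BLOCKED, True, p, "DROP") for p in (21, 20)]

if __name__ == "__main__":
    # Constructed sample packets: (source address, destination port)
    samples = [(BLOCKED, 21), (BLOCKED, 20), ("172.16.158.50", 21),
               (BLOCKED, 22), ("172.16.158.50", 22)]
    for src, port in samples:
        print(f"{src:>15}:{port:<3} plain={verdict(plain, src, port):6} "
              f"negated={verdict(negated, src, port)}")
```

With the negated rules, every host except 172.16.158.111 loses FTP access while that host keeps it, which is the opposite of the stated goal.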

