[SOVLED by '!' ]how to specify IP not equal to in iptables rules ????

g geleem at bellsouth.net
Fri Jul 15 14:19:00 UTC 2011


On 07/15/2011 09:46 AM, Jatin K wrote:
> On Friday 15 July 2011 03:10 PM, James Hogarth wrote:
>>
>>> '!' Solved my problem
>>>
>> Really? Because what you have there is the opposite of that which you 
>> stated you were trying to accomplish in your first post.
>>
>> Now that IP is the only IP that can access your FTP server and all 
>> others get dropped.
>>
> yes  and thats what I wanted ,,,,, Only specified IP can ftp to the server
---


which is not what you stated in your first post, which was;

}> I want to deny a particular IP (172.16.158.111) address in my network to
}> FTP on server (RHEL6), I'm trying to add the following[1][2] iptabls
}> rules on server  and getting error [3]


therefore, if you want to drop "IP (172.16.158.111)", you would use;


  [1] iptables -A INPUT -s 172.16.158.111 -p tcp --dport 21 -j DROP
  [2] iptables -A INPUT -s 172.16.158.111 -p tcp --dport 20 -j DROP

if you want to drop all except "IP (172.16.158.111)", you would use;

  [1] iptables -A INPUT -s ! 172.16.158.111 -p tcp --dport 21 -j DROP
  [2] iptables -A INPUT -s ! 172.16.158.111 -p tcp --dport 20 -j DROP

-- 

peace out.

tc.hago,

g
.

****
in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
The installation instructions stated to install Windows 2000 or better.
So I installed Linux.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/
****

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 545 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20110715/b53def9d/attachment.bin 


More information about the users mailing list