[SOLVED by '!'] how to specify IP not equal to in iptables rules ????

g geleem at bellsouth.net
Sat Jul 16 09:57:50 UTC 2011


On 07/16/2011 09:11 AM, Jatin K wrote:
> On Saturday 16 July 2011 02:22 PM, g wrote:
>> On 07/16/2011 05:40 AM, Jatin K wrote:
>>> On Saturday 16 July 2011 10:18 AM, g wrote:
>>>> On 07/16/2011 04:25 AM, Jatin K wrote:
>>>> <>
>>>>
>>>>> Sorry, that was my mistake  :-(
>>>> that happens. but does make things difficult to help.
>>>>
>>>>> actually I got the solution what was needed, from this list.
>>>> and was so noted. wherein, a little more info would be nice.
>>>>
>>>> did blocking work with;
>>>>
>>>>     [1] iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP
>>>> or
>>>>     [2] iptables -A INPUT -s ! 172.16.158.111 -p tcp --dport 21 -j DROP
>>>>
>>>> syntax tends to indicate that [2] is correct, as [1] would tend to
>>>> indicate "NOT source".
>>>
>>> [2] worked for me
>>
>> this is what i recall having used, and more logical.
>>
>>>    ...by the way we need to indicate !  like '!' ( in
>>> single quote)
>>>
>>> iptables -A INPUT -s '!' 172.16.158.111 -p tcp --dport 21 -j DROP
>> this is not as i recall using, nor is it as such in man page or in
>> 'Red Hat Linux Firewalls'.
>>
>> in man page, when shown as an option, [!] is used. when in description,
>> "!" is used. (with 2 exceptions)
>>
>> in 'Red Hat Linux Firewalls', examples are shown without quotes.
>>
>> so,
>>
>>   [1] did you find without single quote to not work and then tried
>>   with single quotes?
>>
> 
> without single quote  like this[1]
> [1]  iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP

now you are trying to confuse me. :)

because;

}> On Saturday 16 July 2011 10:18 AM, g wrote:
}> >> On 07/16/2011 04:25 AM, Jatin K wrote:
}> >> <>
}> >>
}> >>>> Sorry, that was my mistake  :-(
}> >> that happens. but does make things difficult to help.
}> >>
}> >>>> actually I got the solution what was needed, from this list.
}> >> and was so noted. wherein, a little more info would be nice.
}> >>
}> >> did blocking work with;
}> >>
}> >>    [1] iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP
}> >> or
}> >>    [2] iptables -A INPUT -s ! 172.16.158.111 -p tcp --dport 21 -j DROP
}> >>
}> >> syntax tends to indicate that [2] is correct, as [1] would tend to
}> >> indicate "NOT source".
}>
}>
}> [2] worked for me   ...by the way we need to indicate !  like '!' ( in
}> single quote)
}>
}> iptables -A INPUT -s '!' 172.16.158.111 -p tcp --dport 21 -j DROP


> on bash it seems like it tries to find out previously run command  in my 
> cash it finds a command started with -s ( which fails as I've not run 
> any command which starts with -s )

what are you meaning by "on bash"?


> but when I tried to put it like '!'... it's good to go
> 
> 
>> or,
>>
>>   [2] are you using "echo" to send line to iptables?
>
>   no

just how are you entering new line into iptables?


-- 

peace out.

tc.hago,

g
.

****
in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
The installation instructions stated to install Windows 2000 or better.
So I installed Linux.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/
****
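
The two placements of `!` compared in this thread, as an added example that is not part of the original message: the iptables man page writes the option as `[!] -s`, i.e. form [1], and newer iptables releases accept form [2] only with a deprecation warning. The function names `normalize_negation` and `uses_old_negation` are hypothetical helpers, and the sketch assumes rule arguments contain no whitespace.

```shell
#!/bin/sh
# Added example: rewrite "-s ! ADDR" (form [2]) as "! -s ADDR" (form [1]).
# It only rearranges the argument list; it never calls iptables.
# Assumption: no argument contains whitespace.

normalize_negation() {
    out="" pending=""
    for arg in "$@"; do
        # A "!" directly after an option is the old placement: swap them.
        if [ "$arg" = "!" ] && [ -n "$pending" ]; then
            out="$out ! $pending"
            pending=""
            continue
        fi
        # Flush an option that was not followed by "!".
        if [ -n "$pending" ]; then
            out="$out $pending"
            pending=""
        fi
        case $arg in
            -*) pending=$arg ;;        # hold options one step to see what follows
            *)  out="$out $arg" ;;     # values and a leading "!" pass through
        esac
    done
    if [ -n "$pending" ]; then
        out="$out $pending"
    fi
    printf '%s\n' "${out# }"
}

# Succeeds (status 0) when the rule uses the old "-s ! ADDR" placement.
uses_old_negation() {
    [ "$(normalize_negation "$@")" != "$*" ]
}

# In a script, '!' and a bare ! between spaces reach the program as the
# same single argument, so both spellings of form [2] normalize alike.
normalize_negation -A INPUT -s '!' 172.16.158.111 -p tcp --dport 21 -j DROP
normalize_negation -A INPUT -s ! 172.16.158.111 -p tcp --dport 21 -j DROP
normalize_negation -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP
```

All three calls print the same rule in form [1], which can be compared against `iptables -S` output after loading.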
