[SOLVED by '!'] how to specify IP not equal to in iptables rules ????

Jatin K ssh.fedora at gmail.com
Mon Jul 18 04:30:37 UTC 2011


On Saturday 16 July 2011 03:27 PM, g wrote:
> On 07/16/2011 09:11 AM, Jatin K wrote:
>> On Saturday 16 July 2011 02:22 PM, g wrote:
>>>
>>>>>
>>>>>> actually I got the solution what was needed, from this list.
>> without single quote  like this[1]
>> [1]  iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP
> now you are trying to confuse me. :)
>
> because;
>
> }>  On Saturday 16 July 2011 10:18 AM, g wrote:
> }>  >>  On 07/16/2011 04:25 AM, Jatin K wrote:
> }>  >>  <>
> }>  >>
> }>  >>>>  Sorry, that was my mistake  :-(
> }>  >>  that happens. but does make things difficult to help.
> }>  >>
> }>  >>>>  actually I got the solution what was needed, from this list.
> }>  >>  and was so noted. wherein, a little more info would be nice.
> }>  >>
> }>  >>  did blocking work with;
> }>  >>
> }>  >>     [1] iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP
> }>  >>  or
> }>  >>     [2] iptables -A INPUT -s ! 172.16.158.111 -p tcp --dport 21 -j DROP
> }>  >>
> }>  >>  syntax tends to indicate that [2] is correct, as [1] would tend to
> }>  >>  indicate "NOT source".
> }>
> }>
> }>  [2] worked for me   ...by the way we need to indicate !  like '!' ( in
> }>  single quote)
> }>
> }>  iptables -A INPUT -s '!' 172.16.158.111 -p tcp --dport 21 -j DROP
>
>
>> on bash it seems like it tries to find out previously run command  in my
>> case it finds a command started with -s ( which fails as I've not run
>> any command which starts with -s )
> what are you meaning by "on bash"?

bash = /bin/bash   ( Linux shell )



>
>> but when I tried to put it like '!'... it's good to go
>>
>>
>>> or,
>>>
>>>    [2] are you using "echo" to send line to iptables?
>>    no
> just how are you entering a new line into iptables?
>
>
I just type the iptables command like following in shell ( /bin/bash or 
the tty terminal or the linux command line )

iptables -A INPUT -s '!' 172.16.158.111 -p tcp --dport 21 -j DROP



if said command uses "echo" as a child process, I'm not aware of it. I just use the iptables command to add a rule



-- 
   °v°
  /(_)\
   ^ ^  Jatin Khatri
Registered Linux user No #501175
www.counter.li.org
No M$
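
Added example, not part of the original message: forms [1] and [2] quoted in the thread differ only in where the `!` argument sits, and newer iptables releases warn that the intrapositioned form [2] (`-s ! ADDR`) is deprecated in favor of the extrapositioned form [1] (`! -s ADDR`). The helper below, whose name `normalize_negation` is hypothetical, rewrites form [2] into form [1] and shows that `'!'` and `\!` reach the command as the same single argument.

```shell
#!/bin/sh
# Constructed helper for illustration; the name normalize_negation is hypothetical.
# It only rewrites the argument list and never calls iptables.
# Tokens containing whitespace (e.g. --comment text) are out of scope here.
normalize_negation() {
    out=""       # rule rebuilt so far
    prev=""      # last argument not yet emitted
    pending=0    # 1 while a moved "!" still waits for its value
    for arg in "$@"; do
        if [ "$arg" = "!" ]; then
            case "$prev" in
                -*)
                    # "OPTION !" seen: emit "! OPTION" instead.
                    out="$out ! $prev"
                    prev=""
                    pending=1
                    continue
                    ;;
            esac
        fi
        if [ -n "$prev" ]; then
            out="$out $prev"
        fi
        prev="$arg"
        pending=0
    done
    if [ "$pending" -eq 1 ]; then
        echo "normalize_negation: '!' has no value after it" >&2
        return 2
    fi
    if [ -n "$prev" ]; then
        out="$out $prev"
    fi
    printf '%s\n' "${out# }"
}

# Sample rule taken from the thread, in two quoted spellings of form [2].
normalize_negation -A INPUT -s '!' 172.16.158.111 -p tcp --dport 21 -j DROP
normalize_negation -A INPUT -s \! 172.16.158.111 -p tcp --dport 21 -j DROP
# Form [1] is already extrapositioned and passes through unchanged.
normalize_negation -A INPUT '!' -s 172.16.158.111 -p tcp --dport 21 -j DROP
```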


