On 02/16/2016 09:00 AM, Bob Goodwin wrote:
I have a rule:
# config rule
option src lan
option dest wan
option src_ip 192.168.1.150
option proto all
option extra '-m time --weekdays Sat,Sun,Mon,Tue,Wed,Thu,Fri
--timestart 05:00 --timestop 24:00'
option target REJECT
Rather than have several similar rules for different ip's it would be
convenient if I could just specify a range of addresses on my LAN.
I tried several variations on things I found in a wiki like:
# config rule
option src lan
option iprange --src-range 192.168.1.4-192.168.1.50
option dest wan
option proto icmp
option target DROP
But get "parse errors" when restarting iptables with everything I've
tried. Obviously I'm in over my head here, just trying to follow examples.
Any help is appreciated,
You need to load the iprange module for the "--src-range" stuff to work,
so change that third line to:
option extra '-m iprange --src-range 192.168.1.4-192.168.1.50'
Details are in the iptables-extensions man page.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 -
- -
- Diplomacy: The art of saying "Nice doggy!" until you can find a -
- big enough rock. -
----------------------------------------------------------------------
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
