On Wednesday 26 March 2003 12:37 pm, Carlos Cajina wrote: > Hi, I'm Carlos from Nicaragua but currently living in Mexico... I just > signed up to this list and already have one question in mind: Is it > possible to specify a particular IP address range when creating > filtering rules? If so... where can I find the info that talks about > it? Yes. For example, to match a single source IP use "-s a.b.c.d", while to match a range of IPs you have to be able to match with a mask, like "-s a.b.c.d/24" or "-s a.b.c.d/255.255.255.0" to match a.b.c. and anything for d. Destinations are matched with "-d a.b.c.d/m" the same way. If you need to match an 'odd' range of IPs, that cannot be fitted to a single ip/mask test, then it is usually necessary to use multiple rules. IE, if you need to match 192.168.0.4-192.168.0.6, then you can match .4 and .5 with 192.168.0.4/31, but .6 will need a separate rule. (unless you don't mind catching .7 as well, in which case a mask for 30 bits instead of 31 would work for all 4 IPs) http://iptables-tutorial.frozentux.net is the best tutorial around for iptables. j > Best regards!!!!
