> -----Original Message-----
> From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Afshin Lamei
> Sent: Sunday, April 27, 2003 8:12 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: How to block a range of IPs?
>
> Hi,
> How can I write a rule for a custom range of IPs? For example, I want to
> block every WWW packet incoming from eth1 whose source is an IP between
> 192.168.1.10 and 192.168.1.20.
> Please help me by writing an example.
> Thank you,
> afshin

You can't, but if you subnet, the closest will be 192.168.1.1 to 192.168.0.14 using mask 255.255.255.240. Or 192.168.1.1 to 192.168.0.30 using mask 255.255.255.224.

Example:

iptables -A INPUT -i eth0 -p tcp -s 192.168.1.0/255.255.255.240 --dport www -j DROP

/Klintan
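Added example, not part of the original emails: a Python sketch that splits the requested range 192.168.1.10 to 192.168.1.20 into the CIDR blocks that match it exactly, and reports which addresses a single-mask rule like the one in the reply over-blocks or misses. The function names are hypothetical; the interface eth1 and the range come from the question, and the INPUT chain and `--dport www` from the reply.

```python
import ipaddress


def exact_cidr_cover(first, last):
    """Return the CIDR blocks that together match first..last inclusive, and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def coverage_error(block, first, last):
    """Compare one subnet rule against the wanted range.

    Returns (overblocked, missed): addresses the subnet matches outside the
    range, and addresses inside the range that the subnet does not match.
    """
    # strict=False accepts a base address with host bits set; the
    # dotted netmask form used in the reply is parsed as well.
    net = ipaddress.ip_network(block, strict=False)
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    wanted = set(range(lo, hi + 1))
    covered = set(range(int(net.network_address), int(net.broadcast_address) + 1))
    as_text = lambda addrs: [str(ipaddress.IPv4Address(a)) for a in sorted(addrs)]
    return as_text(covered - wanted), as_text(wanted - covered)


def drop_rules(first, last, iface="eth1", dport="www"):
    """Build one DROP rule per CIDR block of the exact cover (strings only, nothing is executed)."""
    return [
        f"iptables -A INPUT -i {iface} -p tcp -s {net} --dport {dport} -j DROP"
        for net in exact_cidr_cover(first, last)
    ]


if __name__ == "__main__":
    first, last = "192.168.1.10", "192.168.1.20"  # range from the question
    over, missed = coverage_error("192.168.1.0/255.255.255.240", first, last)
    print(f"single /28 rule: over-blocks {len(over)} addresses, misses {missed}")
    for rule in drop_rules(first, last):
        print(rule)
```

Review the printed rules before loading them; the script only builds strings and does not touch the running ruleset.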