On Sun 27/04/2003 at 08:11, Afshin Lamei wrote:
> How can I write a rule for a custom range of IPs? For example, I want to
> block every WWW packet incoming from eth1, which source is an IP between
> 192.168.1.10 and 192.168.1.20.

A bit off-topic, but a quite wonderful tool for this kind of situation.

netmask, distributed with Debian, allows you to find all subnets that
cover an arbitrary IP range:

cbr@xxxxxxx:~$ netmask 192.168.1.10:192.168.1.20
192.168.1.10/31
192.168.1.12/30
192.168.1.16/30
192.168.1.20/32

Now you have covered your range, just implement your 4 rules.

The other solution is to find a single subnet that covers your whole
range. In your case, the minimal one seems to be 192.168.1.1/27 that
covers from 192.168.1.1 to 192.168.1.31.

cbr@xxxxxxx:~$ netmask -r 192.168.1.1/27
192.168.1.0-192.168.1.31 (32)

Now you have a single rule, but it covers a much larger range than you
need.

-- 
Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx>
IT systems and networks security - Cartel Sécurité
Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
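
The two approaches from the reply above, as an added Python example that is not part of the original message: it computes the exact CIDR cover of an address range, the smallest single block with the number of extra addresses it matches, and one iptables rule per block. The function names are hypothetical, and the INPUT chain, TCP port 80 for "WWW" and the DROP target are assumptions; the thread gives only eth1 and the address range.

```python
import ipaddress


def cover_range(first, last):
    """Minimal CIDR blocks that match exactly first..last (inclusive)."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # Largest block that may start at lo is set by lo's lowest set bit.
        size = lo & -lo if lo else 1 << 32
        # Shrink it until it no longer runs past the end of the range.
        while size > hi - lo + 1:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((lo, prefix)))
        lo += size
    return blocks


def single_supernet(first, last):
    """Smallest single block holding first..last, plus its over-match count."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    net = ipaddress.IPv4Network((int(lo), 32))
    while hi not in net:
        net = net.supernet()
    return net, net.num_addresses - (int(hi) - int(lo) + 1)


def drop_rules(blocks, iface="eth1", chain="INPUT", dport=80):
    # Assumed rule shape: chain, port 80 for "WWW" and DROP are not from the thread.
    return [
        f"iptables -A {chain} -i {iface} -s {b} -p tcp --dport {dport} -j DROP"
        for b in blocks
    ]


if __name__ == "__main__":
    exact = cover_range("192.168.1.10", "192.168.1.20")
    print("\n".join(drop_rules(exact)))
    net, extra = single_supernet("192.168.1.10", "192.168.1.20")
    print(f"# single-rule alternative: {net} also matches {extra} other addresses")
```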