I have been told something like this, but haven't tried it yet. On Sat, 19 Apr 2003, Magosányi Árpád wrote: > A levelezõm azt hiszi, hogy Wijaya, J. a következõeket írta: > > I am trying to block yahoo messenger for my LAN, but only on certain ip > > range, how can i do this? i already read some articles that we can't do > > this with iptables, but is there any other way to work around this task?? > > I have ran into the problem just two days ago. József Kadlecsik made some > vague promise-like statements to the phone about writing a match for the > ip range case. I have just committed the iprange match in the netfilter cvs as a base patch in patch-o-matic. The new match makes possible to match source/destination IP addresses against inclusive IP address ranges. Examples: iptables -A FORWARD -m iprange --src-range 192.168.1.5-192.168.1.124 -j ACCEPT iptables -A FORWARD -m iprange --dst-range 10.0.0.0-10.5.255.255.255 -j ACCEPT Visit http://www.netfilter.org on how to access the cvs repository. Best regards, Jozsef -- E-mail : kadlec@xxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxxxx PGP key: http://www.kfki.hu/~kadlec/pgp_public_key.txt Address: KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary *********** REPLY SEPARATOR *********** On 27/04/2003 at 10:41 AM Afshin Lamei wrote: >Hi, >How can I write a rule for a custom range of IPs? for example, I want to >block every WWW packet incoming from eth1, which source is an IP between >192.168.1.10 and 192.168.1.20. >please help me writing an example. >thank you >afshin > > > > > >_________________________________________________________________ >Help STOP SPAM with the new MSN 8 and get 2 months FREE* >http://join.msn.com/?page=features/junkmail
