Re: How to block a range of IPs?

On Monday 28 April 2003 19:41, you wrote:
> On Monday 28 April 2003 18:14, John A. Sullivan III wrote:
> > You can use the tool at http://subnetcreator.sourceforge.net/ to easily
> > determine which subnets are contained in your IP address range.  The
> > same logic is being built into the iptables+ management tool being
> > developed in http://iscs.sourceforge.net/ .  However, even better, it
> > appears there is a patch available in patch-o-matic that allows one to
> > enter a range directly in iptables.  I haven't tried it yet but hope to
> > do so soon to replace that logic in ISCS.  Good luck - John
> >
> > On Sun, 2003-04-27 at 10:06, netfilter-request@xxxxxxxxxxxxxxxxxxx wrote:
> > > From: "Afshin Lamei" <linux_st@xxxxxxxxxxx>
> > > To: netfilter@xxxxxxxxxxxxxxxxxxx
> > > Subject: How to block a range of IPs?
> > > Date: Sun, 27 Apr 2003 10:41:54 +0430
> > >
> > > Hi,
> > > How can I write a rule for a custom range of IPs? For example, I want
> > > to block every WWW packet incoming from eth1 whose source is an IP
> > > between 192.168.1.10 and 192.168.1.20.
> > > Please help me by writing an example.
> > > Thank you,
> > > afshin
> > >
>
> AT_HOME_RANGE="213.51.16.0/21 213.51.24.0/21"
>
>  ${ECHO} -n "Drop and log @HOME_USERS in range: "
>     for athomerange in ${AT_HOME_RANGE} ; do
>            ${IPTABLES} -A INPUT -i ${EXT_INTERFACE} -s ${athomerange} -m limit \
>                -j LOG --log-prefix "@HOME_USER:DROP "
>           ${IPTABLES} -A @HOME_CHK -i ${EXT_INTERFACE} -s ${athomerange} -j DROP
>         ${ECHO} -n "${athomerange} "
>   done
>
> This is an example of a line I use. If you wish to have more ranges, you
> have to make a new rule like this, but with another name like "AT_HOME_RANGE2".
>
> good luck
>
> Pascal (PC-Secure)



So in your picture it would be like this:

EXT_INTERFACE="eth1"
IPTABLES="/usr/bin/iptables"
ECHO="echo"
# 192.168.1.10-192.168.1.20 is not one subnet; these four blocks cover exactly that range
# (192.168.1.10/24 would match all of 192.168.1.0-192.168.1.255)
AT_HOME_RANGE="192.168.1.10/31 192.168.1.12/30 192.168.1.16/30 192.168.1.20/32"

${ECHO} -n "Drop and log @HOME_USERS in range: "
for athomerange in ${AT_HOME_RANGE} ; do
    # add "-p tcp --dport 80" to both rules to limit this to WWW traffic only
    ${IPTABLES} -A INPUT -i ${EXT_INTERFACE} -s ${athomerange} -m limit \
        -j LOG --log-prefix "@HOME_USER:DROP "
    ${IPTABLES} -A INPUT -i ${EXT_INTERFACE} -s ${athomerange} -j DROP
    ${ECHO} -n "${athomerange} "
done

Ready and go.

Pascal (PC-Secure)
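An added example, not code from anyone in this thread: the subnet decomposition John refers to (what subnetcreator does), written in Python for the range in the question, with a check that the resulting blocks cover that range exactly and no more. The interface eth1 and port 80 come from the question; the function names are my own.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Split the inclusive IPv4 range first..last into the fewest CIDR blocks.
    Each block is the widest prefix that starts at the current address and
    does not run past 'last'."""
    start = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    if start > end:
        raise ValueError("range start must not exceed range end")
    blocks = []
    while start <= end:
        prefix = 32
        # widen the block while it stays aligned and inside the range
        while prefix > 0:
            size = 1 << (32 - (prefix - 1))
            if start % size != 0 or start + size - 1 > end:
                break
            prefix -= 1
        blocks.append(f"{ipaddress.IPv4Address(start)}/{prefix}")
        start += 1 << (32 - prefix)
    return blocks

def covers_exactly(cidrs, first, last):
    """True if the union of the blocks is exactly the inclusive range, i.e. the
    rules would drop nobody outside it (a /24 written for .10-.20 fails this)."""
    wanted = set(range(int(ipaddress.IPv4Address(first)),
                       int(ipaddress.IPv4Address(last)) + 1))
    got = set()
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        got.update(range(int(net.network_address), int(net.broadcast_address) + 1))
    return got == wanted

def iptables_rules(first, last, iface="eth1", dport=80):
    """One DROP rule per block, limited to the interface and WWW port from the question."""
    return [f"iptables -A INPUT -i {iface} -p tcp --dport {dport} -s {cidr} -j DROP"
            for cidr in range_to_cidrs(first, last)]

if __name__ == "__main__":
    for rule in iptables_rules("192.168.1.10", "192.168.1.20"):
        print(rule)
```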


