Re: How to block a range of IPs?

On Monday 28 April 2003 18:14, John A. Sullivan III wrote:
> You can use the tool at http://subnetcreator.sourceforge.net/ to easily
> determine which subnets are contained in your IP address range.  The
> same logic is being built into the iptables+ management tool being
> developed in http://iscs.sourceforge.net/ .  However, even better, it
> appears there is a patch available in patch-o-matic that allows one to
> enter a range directly in iptables.  I haven't tried it yet but hope to
> do so soon to replace that logic in ISCS.  Good luck - John
>
> On Sun, 2003-04-27 at 10:06, netfilter-request@xxxxxxxxxxxxxxxxxxx wrote:
> > --__--__--
> >
> > Message: 4
> > From: "Afshin Lamei" <linux_st@xxxxxxxxxxx>
> > To: netfilter@xxxxxxxxxxxxxxxxxxx
> > Subject: How to block a range of IPs?
> > Date: Sun, 27 Apr 2003 10:41:54 +0430
> >
> > Hi,
> > How can I write a rule for a custom range of IPs? For example, I want to
> > block every WWW packet incoming from eth1 whose source is an IP between
> > 192.168.1.10 and 192.168.1.20.
> > Please help me by writing an example.
> > Thank you
> > afshin
> >


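# ${ECHO}, ${IPTABLES} and ${EXT_INTERFACE} are assumed to be set elsewhere
# in the script (not shown here).
AT_HOME_RANGE="213.51.16.0/21 213.51.24.0/21"

${ECHO} -n "Drop and log @HOME_USERS in range: "
for athomerange in ${AT_HOME_RANGE} ; do
    # Rate-limited log entry for packets arriving from this range
    ${IPTABLES} -A INPUT -i ${EXT_INTERFACE} -s ${athomerange} -m limit \
        -j LOG --log-prefix "@HOME_USER:DROP "
    # Drop packets from this range in the @HOME_CHK chain
    ${IPTABLES} -A @HOME_CHK -i ${EXT_INTERFACE} -s ${athomerange} -j DROP
    ${ECHO} -n "${athomerange} "
done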
  
This is an example of a line I use. If you wish to have more ranges, you
have to make a new rule like this, but with another name like "AT_HOME_RANGE2".

good luck

Pascal (PC-Secure)
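
The subnet split John describes, worked through for the range in the original question (192.168.1.10 to 192.168.1.20). This is an added example, not code from the thread or from subnetcreator/ISCS; the function names, the INPUT chain and TCP port 80 for "WWW" are assumptions.

```bash
#!/usr/bin/env bash
# Added example: split an inclusive IPv4 range into the fewest CIDR blocks
# and print one iptables rule per block. Rules are printed, never applied.

# Dotted quad -> 32-bit integer (octets must not carry leading zeros).
ip_to_int() {
    ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidrs FIRST LAST: print the minimal CIDR cover, one block per line.
range_to_cidrs() {
    local start end size prefix s
    start=$(ip_to_int "$1")
    end=$(ip_to_int "$2")
    if [ "$start" -gt "$end" ]; then
        echo "range_to_cidrs: $1 is above $2" >&2
        return 1
    fi
    while [ "$start" -le "$end" ]; do
        # Largest block aligned on 'start' is its lowest set bit (2^32 for 0.0.0.0).
        size=$(( start == 0 ? 1 << 32 : start & -start ))
        # Halve it until the block no longer runs past 'end'.
        while [ $(( start + size - 1 )) -gt "$end" ]; do size=$(( size >> 1 )); done
        # Prefix length is 32 - log2(size).
        prefix=32; s=$size
        while [ "$s" -gt 1 ]; do s=$(( s >> 1 )); prefix=$(( prefix - 1 )); done
        echo "$(int_to_ip "$start")/$prefix"
        start=$(( start + size ))
    done
}

# Print the DROP rules for a range.
# Assumed: INPUT chain and WWW = TCP port 80; a router would use FORWARD.
print_block_rules() {
    local cidr
    range_to_cidrs "$1" "$2" | while read -r cidr; do
        echo "iptables -A INPUT -i eth1 -p tcp --dport 80 -s ${cidr} -j DROP"
    done
}

print_block_rules 192.168.1.10 192.168.1.20
```

Where the iprange match is available, `-m iprange --src-range 192.168.1.10-192.168.1.20` covers the same range in a single rule.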


