On Sat, 2003-05-17 at 08:26, Drew Weaver wrote:
> I would like to disclude a /25 from accessing a server except for 1 ip
> address on that /25 this is what I have in my rules.
>
> /sbin/iptables -A INPUT -i eth0 -s 10.1.0.0/25 -j DUMP
> /sbin/iptables -A INPUT -i eth0 -s 10.1.0.52/32 -j ACCEPT
>
> the blocking works, the 10.1.0.0/25 network cannot reach this server,
> however the 10.1.0.52/32 can't either.

use

/sbin/iptables -A INPUT -i eth0 -s 10.1.0.52/32 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -s 10.1.0.0/25 -j DUMP

instead.

filter lists:

private ip addresses: rfc 1918
> /sbin/iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DUMP
> /sbin/iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DUMP
> /sbin/iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DUMP

loopback
> /sbin/iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DUMP

multicast, reserved
> /sbin/iptables -A INPUT -i eth0 -s 224.0.0.0/3 -j DUMP

Andreas
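
The rule-ordering point in the reply above, as an added example that is not part of the original message: a small Python first-match simulator that parses the thread's two orderings and flags any rule that an earlier, broader rule makes unreachable. It assumes `DUMP` is a user-defined chain that ends processing for the packet and that unmatched packets fall through to an ACCEPT policy; the function names are illustrative.

```python
import ipaddress
import shlex

# Constructed input: the two rule orderings from the thread.
BROKEN = """\
/sbin/iptables -A INPUT -i eth0 -s 10.1.0.0/25 -j DUMP
/sbin/iptables -A INPUT -i eth0 -s 10.1.0.52/32 -j ACCEPT
"""
FIXED = """\
/sbin/iptables -A INPUT -i eth0 -s 10.1.0.52/32 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -s 10.1.0.0/25 -j DUMP
"""

def parse_rules(text):
    """Parse '-A CHAIN [-i IFACE] [-s CIDR] -j TARGET' lines, keeping their order."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if "-A" not in tok:
            continue
        opt = {tok[i]: tok[i + 1] for i in range(1, len(tok) - 1)
               if tok[i] in ("-A", "-i", "-s", "-j")}
        rules.append({"chain": opt["-A"], "iface": opt.get("-i"),  # None = any interface
                      "src": ipaddress.ip_network(opt.get("-s", "0.0.0.0/0")),
                      "target": opt["-j"]})
    return rules

def verdict(rules, src_ip, iface="eth0", chain="INPUT", policy="ACCEPT"):
    """The first matching rule decides (assumption: DUMP is a terminating chain)."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if (r["chain"] == chain and r["iface"] in (None, iface)
                and ip in r["src"]):
            return r["target"]
    return policy  # assumed chain policy when nothing matches

def shadowed(rules):
    """Return (earlier, later) index pairs where the later rule can never match."""
    pairs = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if (earlier["chain"] == later["chain"]
                    and earlier["iface"] in (None, later["iface"])
                    and later["src"].subnet_of(earlier["src"])):
                pairs.append((i, j))
                break
    return pairs

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        rules = parse_rules(text)
        print(name, verdict(rules, "10.1.0.52"), shadowed(rules))
```
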