Hi all,

sorry if this is a stupid question, I am just a newbie with iptables.

I am currently writing a little script for a simple network design. I have a local network parted from the internet with a Linux firewall. Now I would like to drop all packets coming on the Internet interface on the firewall with source address out of the private IP address ranges (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 and 169.254.0.0/16).

I use the following syntax in my script:

    ...
    WAN_IFACE="eth0"
    PRIV_IP="10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,169.254.0.0/16"
    ...
    iptables -A INPUT -i $WAN_IFACE -s $PRIV_IP -j DROP
    ...

When I execute the script I get the following error:

    ...
    iptables v1.2.9: host/network `10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0' not found
    ...

Isn't it possible to write a rule like this, or what am I doing wrong?

Thx for your help guys!

Cheers,
Markus

--------------------------------------------------------------------
Markus Zeilinger (System Administration)
University of Linz, Systems Engineering and Automation
Altenberger Strasse 69, 4040 Linz, AUSTRIA
Phone: +43(0)732-2468-8869, Fax: +43(0)732-2468-8878
PGP Fingerprint: 5FC3 E7B3 DC02 C0A2 0198 70CB 9715 491B DA97 4E3F
Home: http://www.sea.uni-linz.ac.at/department/staff/mz/
--------------------------------------------------------------------
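
Added example, not part of the original post: the error above shows this iptables version treating the whole `-s` argument as a single host/network, so one way to get the intended filter is one rule per range. The script below splits the list, validates each CIDR and prints the resulting commands; `valid_cidr` and `spoof_rules` are hypothetical helper names introduced here.

```sh
#!/bin/sh
# Added example (not from the original post). WAN_IFACE and PRIV_IP are the
# post's variables; valid_cidr and spoof_rules are hypothetical helpers.
WAN_IFACE="eth0"
PRIV_IP="10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,169.254.0.0/16"

# Succeed only for a.b.c.d/len with octets 0-255 and len 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    len=${1#*/}
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one DROP rule per network in the comma-separated list $2 for
# interface $1. Everything is validated before any rule is printed, so a
# typo never yields a partial rule set.
spoof_rules() {
    iface=$1
    case "$iface" in ''|*[!A-Za-z0-9._+-]*) return 1 ;; esac
    case "$2" in
        *[!0-9./,]*) echo "bad character in list: $2" >&2; return 1 ;;
    esac
    nets=$(printf '%s' "$2" | tr ',' ' ')
    for net in $nets; do
        valid_cidr "$net" || { echo "invalid network: $net" >&2; return 1; }
    done
    for net in $nets; do
        echo "iptables -A INPUT -i $iface -s $net -j DROP"
    done
}

# Dry run: prints the four commands; review them, then pipe to sh as root.
spoof_rules "$WAN_IFACE" "$PRIV_IP"
```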