On Tue, 2004-06-15 at 13:00, Jonathan Villa wrote:
> To my understanding the following will allow any address in the x.x.x.0
> block access
>
> $IPTABLES -A INPUT -p tcp --dport 22 -s xxx.xxx.xx.0/24 -j ACCEPT
> $IPTABLES -A INPUT -p tcp --dport 3306 -s xxx.xxx.xx.0/24 -j ACCEPT
> $IPTABLES -A INPUT -p tcp --dport 80 -s xxx.xxx.xx.0/24 -j ACCEPT
>
> It of course is not working...
>
> my temporary solution: looping through 1-254
>
> not very nice when I need to show someone the current rules.
>
> -confused

I'm not doing exactly what you are doing but I do use full subnets for both source and destination and it works fine for me. What do you see that makes you believe it is not working? - John

--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net