Re: Blocking a range of source IPs to a specific port
James Harrison wrote:
Hi,
I'm trying to use iptables to block a range of source IP addresses,
but I can't figure out how to specify ranges - I'm trying to block
everything from 172.150-250.*.* on port 8676 - can someone help me out
with the rule for this?
Thanks,
James Harrison
James, you might want to look into the IPRange match extension for
IPTables. I think you would be able to do something quite literally like
this:
iptables -t filter -A INPUT -p tcp --dport 8676 -m iprange --src-range 172.150.0.0-172.250.255.255 -j DROP
I was able to successfully key the above line into my firewall at the
house (test chain) without any problems so I think the syntax is
correct. However, I have never used iprange in production to say what I
think of it. Give it a try and see what you think.
One suggestion is that you may want to send the traffic to a different
sub chain to be able to log the traffic before you DROP it. Just a thought.
Grant. . . .
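
The two suggestions in the reply above combined (the iprange match, plus a sub chain that logs before it drops), as an added example that is not part of the original message. The chain name, log prefix and rate limit are assumptions; the script only prints the commands unless it is run as root with IPT=iptables.

```shell
#!/bin/sh
# Added example: log-then-drop sub chain for the range discussed in the thread.
# Dry run by default: each command is printed instead of executed.
# Run as root with IPT=iptables in the environment to apply the rules.
IPT="${IPT:-echo iptables}"

CHAIN="BLOCK8676"                     # assumed chain name (hypothetical)
RANGE="172.150.0.0-172.250.255.255"   # source range from the thread
PORT=8676                             # destination port from the thread
LOG_PREFIX="BLOCK8676:"               # assumed prefix, kept free of spaces

build_rules() {
    # 1. Create the sub chain that will handle matching packets.
    $IPT -t filter -N "$CHAIN"

    # 2. Log matches, rate limited so a flood from the blocked range
    #    cannot fill the kernel log (5/min is an assumed value).
    $IPT -t filter -A "$CHAIN" -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "$LOG_PREFIX" --log-level 4

    # 3. Drop everything that reaches the sub chain, logged or not.
    $IPT -t filter -A "$CHAIN" -j DROP

    # 4. Send TCP traffic for the port from the source range to the sub
    #    chain. -A appends, so an earlier ACCEPT rule in INPUT for this
    #    port would still match first.
    $IPT -t filter -A INPUT -p tcp --dport "$PORT" \
        -m iprange --src-range "$RANGE" -j "$CHAIN"
}

build_rules
```

After applying, `iptables -t filter -L BLOCK8676 -v -n` shows the packet counters for the LOG and DROP rules.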