Hi,

Replying on my PDA, so just a quick message to say thanks - I'll try that tomorrow.

James Harrison

-----Original Message-----
>From: "Grant Taylor"<gtaylor@xxxxxxxxxxxxxxxxx>
>Sent: 02/08/05 04:05:49
>To: "netfilter"<netfilter@xxxxxxxxxxxxxxxxxxx>
>Subject: Re: Blocking a range of source IPs to a specific port
>
>James Harrison wrote:
>
>> Hi,
>>
>> I'm trying to use iptables to block a range of source IP addresses,
>> but I can't figure out how to specify ranges - I'm trying to block
>> everything from 172.150-250.*.* on port 8676 - can someone help me out
>> with the rule for this?
>>
>> Thanks,
>> James Harrison
>>
>James, you might want to look into the IPRange match extension for
>IPTables. I think you would be able to do something quite literally like
>this:
>
>iptables -t filter -A INPUT -p tcp --dport 8676 -m iprange --src-range 172.150.0.0-172.250.255.255 -j DROP
>
>I was able to successfully key the above line into my firewall at the
>house (test chain) without any problems so I think the syntax is
>correct. However I have never used iprange in production to say what I
>think of it. Give it a try and see what you think.
>
>One suggestion is that you may want to send the traffic to a different
>sub chain to be able to log the traffic before you DROP it. Just a thought.
>
>
>
>Grant. . . .
>
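
The log-before-DROP sub chain suggested in the quoted reply, as an added example that is not part of the original thread: it validates the port and range, then prints the rules for review instead of applying them. The chain name `BLOCK_8676`, the log prefix and the 5/min log rate limit are assumptions.

```shell
#!/bin/sh
# Added example: prints a log-then-drop rule set for review; applies nothing.
# Chain name, log prefix and the 5/min log limit are assumptions.

# Convert a dotted-quad IPv4 address to an integer; non-zero exit if malformed.
ip_to_int() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          printf "%.0f\n", (($1 * 256 + $2) * 256 + $3) * 256 + $4 }'
}

# usage: emit_rules PORT START_IP END_IP
emit_rules() {
    port=$1 start=$2 end=$3 chain="BLOCK_$1"
    case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    # iprange needs two valid addresses with start <= end.
    if ! lo=$(ip_to_int "$start") || ! hi=$(ip_to_int "$end"); then
        echo "bad address in range $start-$end" >&2; return 1
    fi
    if [ "$lo" -gt "$hi" ]; then
        echo "range start $start is above range end $end" >&2; return 1
    fi
    # Order matters: the sub chain must exist before INPUT jumps to it.
    # LOG is non-terminating, so every packet falls through to DROP; the
    # limit match only caps how many of them are written to the kernel log.
    cat <<EOF
iptables -t filter -N $chain
iptables -t filter -A $chain -m limit --limit 5/min -j LOG --log-prefix "blocked-$port: "
iptables -t filter -A $chain -j DROP
iptables -t filter -A INPUT -p tcp --dport $port -m iprange --src-range $start-$end -j $chain
EOF
}

# The range and port from the thread.
emit_rules 8676 172.150.0.0 172.250.255.255
```

After reviewing the output, pipe it to `sh` as root to apply the rules.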