On Mon, 2006-03-20 at 12:22 +0100, McDouglas wrote: > Hi, > > I'd like to ask how to define an ip address range in a rule. I don't > mean using subnet mask but rather for example making a rule which will > block port 110 for the 10.10.2.50-10.10.2.150 ip range. > > Thank you. The iprange match is in most newer kernels. If it is missing in yours, you may need to patch. You may also need to check to see if it is included in activated in your kernel. The man page will have more information but the syntax is: iptables -A FORWARD -m iprange --[src|dst]-range x.x.x.x-y.y.y.y Or at least so I recall. Good luck - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan@xxxxxxxxxxxxxxxxxxx If you would like to participate in the development of an open source enterprise class network security management system, please visit http://iscs.sourceforge.net