Re: how to write different ip sources on a single rule

On Thu, 28 Sep 2006, Burak Ozgoren wrote:

On Thu, September 28, 2006 13:35, Burak Ozgoren wrote:
Hi,


I know I can write a source IP within an IP range or with a network mask. For example: 192.168.0.5-192.168.0.15 or 192.168.0.0/24


Can I write it for single IPs, like 192.168.0.5 and 192.168.0.9?

You can use the second notation (192.168.0.0/24), but for the first you need the iprange match.


http://www.netfilter.org/projects/patch-o-matic/pom-base.html#pom-base-iprange



Grts,
Rob


I know about range, and mask but need a rule like for example:

Accept port 22 connections from 192.168.0.5, 10.10.60.163, 212.12.X.X

Now I am writing 3 different rules for these.



Well, yes and no, it depends upon how you write your iptables script: is it a flat file of rule, rule, rule... or a more dynamic script? Yeppers, an iptables script can contain most any bash-ish convention, like:

gdhosts="192.168.0.5 10.10.60.163 212.12.X.X"

# one pass per host in the list
for h in $gdhosts; do
...
done

This will result in 3 rules, but certainly has the ability to grow and shrink as needed, and is likely far easier to read, especially with some comments in the script to keep you in the original mindset...


Thanks,

Ron DuFresne
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           admin & senior security consultant:  sysinfo.com
                           http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                   -Tom Robbins <Still Life With Woodpecker>
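
The host-list loop from the reply above, filled out as an added example that is not code from the thread: it prints one ACCEPT rule per source and refuses malformed entries, such as the masked 212.12.X.X, instead of passing them to iptables. The INPUT chain, the tcp/22 rule text and the function names are assumptions; the rules are printed rather than applied so the script runs without root.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: INPUT chain, tcp/22, function names.
set -f   # the host list is split on whitespace; never glob-expand it

# valid_source ADDR[/PREFIX]: succeed only for a well-formed IPv4 source.
valid_source() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Digits and dots only, exactly four non-empty fields.
    case $addr in
        *[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_allow_rules "HOST ...": print one ACCEPT rule per valid source.
# Rejected entries are reported on stderr; returns non-zero if any were skipped.
ssh_allow_rules() {
    rc=0
    for h in $1; do
        if valid_source "$h"; then
            echo "iptables -A INPUT -p tcp -s $h --dport 22 -j ACCEPT"
        else
            echo "skipping invalid source: $h" >&2
            rc=1
        fi
    done
    return $rc
}

# Host list exactly as written in the thread; the third entry is masked there.
gdhosts="192.168.0.5 10.10.60.163 212.12.X.X"
ssh_allow_rules "$gdhosts" || echo "some entries were skipped" >&2
```

Pipe the output to `sh` as root only after reviewing it, and only when nothing was skipped.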

