On Mon, Jun 29, 2009 at 4:14 PM, Jorge Bastos<mysql.jorge@xxxxxxxxxx> wrote: > Hi people, > Sorry about this super basic question, how do i specify a ip range? For > example for a rule like this: > > iptables -A INPUT -p tcp --dport 80 -s 192.168.1.211-219 -d 192.168.1.206 > -j ACCEPT > > I just want to allow the ip's 192.168.1.211 till .219. > What would be the correct syntax? > > Jorge, Specify a bitmask (i.e. 192.168.1.211/28) Note: this does not strictly limit hosts to the .211 to .219 range (the rule will allow .208 through .223...masks require a base-2 host set, so 16 hosts best fit the number required 8 < 9 < 16). I'd recommend setting subranges to base-2 hosts as it avoids leaving holes in the IP address space (unless this is intentional). Otherwise, I think you're locked into individual specifications, but I'm not as smart as others on this list... -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
