On Mon, Jun 29, 2009 at 5:05 PM, <netfilterdomo.20.miller_2555@xxxxxxxxxxxxxxx> wrote:
> On Mon, Jun 29, 2009 at 4:14 PM, Jorge Bastos<mysql.jorge@xxxxxxxxxx> wrote:
>> Hi people,
>> Sorry about this super basic question, how do I specify an IP range? For
>> example for a rule like this:
>>
>> iptables -A INPUT -p tcp --dport 80 -s 192.168.1.211-219 -d 192.168.1.206 -j ACCEPT
>>
>> I just want to allow the IPs 192.168.1.211 till .219.
>> What would be the correct syntax?
>>
>> Jorge,
>
> Specify a bitmask (i.e. 192.168.1.211/28). Note: this does not strictly
> limit hosts to the .211 to .219 range (the rule will allow .208
> through .223...masks require a base-2 host set, so 16 hosts best fit
> the number required 8 < 9 < 16). I'd recommend setting subranges to
> base-2 hosts as it avoids leaving holes in the IP address space
> (unless this is intentional). Otherwise, I think you're locked into
> individual specifications, but I'm not as smart as others on this
> list...
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>

Sorry - finally read the man page... try this matching string:

-m iprange --src-range 192.168.1.211/32-192.168.1.219/32
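Added example, not part of the original thread: a Python sketch that lists which source addresses the /28 suggestion admits beyond .211 to .219, computes the CIDR blocks that cover the range exactly, and builds the matching rule strings without executing them. The function names are hypothetical; the iprange rule uses the plain `from-to` form given in the iptables man page.

```python
import ipaddress

def cidr_overreach(cidr, first, last):
    """Return the network a CIDR match covers and the addresses it admits
    outside the intended first..last range."""
    # strict=False lets a host address define the block: .211/28 -> .208/28
    net = ipaddress.ip_network(cidr, strict=False)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return net, [str(a) for a in net if not lo <= a <= hi]

def exact_cidrs(first, last):
    """Smallest list of CIDR blocks that covers exactly first..last."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

def build_rules(first, last, dst, dport):
    """Build iptables commands as strings (nothing is executed):
    one iprange rule, and the equivalent one-rule-per-CIDR-block set."""
    head = f"iptables -A INPUT -p tcp --dport {dport}"
    tail = f"-d {dst} -j ACCEPT"
    ranged = f"{head} -m iprange --src-range {first}-{last} {tail}"
    per_block = [f"{head} -s {c} {tail}" for c in exact_cidrs(first, last)]
    return ranged, per_block

if __name__ == "__main__":
    # Values taken from the question in the thread.
    first, last, dst = "192.168.1.211", "192.168.1.219", "192.168.1.206"
    net, extra = cidr_overreach("192.168.1.211/28", first, last)
    print(f"{net} also admits: {', '.join(extra)}")
    ranged, per_block = build_rules(first, last, dst, 80)
    print(ranged)
    for rule in per_block:
        print(rule)
```

The per-block rules are the fallback where the iprange match is not available; both forms accept only the nine intended sources.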