Blocking a range of source IPs to a specific port
James A Harrison
jamesharrison at blackicehosting.com
Tue Aug 2 15:20:45 CEST 2005
Hi,
Replying on my PDA, so just a quick message to say thanks - I'll try that tomorrow.
James Harrison
-----Original Message-----
>From: "Grant Taylor"<gtaylor at riverviewtech.net>
>Sent: 02/08/05 04:05:49
>To: "netfilter"<netfilter at lists.netfilter.org>
>Subject: Re: Blocking a range of source IPs to a specific port
>
>James Harrison wrote:
>
>> Hi,
>>
>> I'm trying to use iptables to block a range of source IP addresses,
>> but I can't figure out how to specify ranges- I'm trying to block
>> everything from 172.150-250.*.* on port 8676- can someone help me out
>> with the rule for this?
>>
>> Thanks,
>> James Harrison
>>
>James, you might want to look into the IPRange match extension for
>IPTables. I think you would be able to do something quite literally like
>this:
>
>iptables -t filter -A INPUT -p tcp --dport 8676 -m iprange --src-range 172.150.0.0-172.250.255.255 -j DROP
>
>I was able to successfully key the above line into my firewall at the
>house (test chain) without any problems so I think the syntax is
>correct. However I have never used iprange in production to say what I
>think of it. Give it a try and see what you think.
>
>One suggestion is that you may want to send the traffic to a different
>sub chain to be able to log the traffic before you DROP it. Just a thought.
>
>
>
>Grant. . . .
>
>
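
The two suggestions in the quoted reply (the iprange match, plus a sub-chain that logs before dropping) combined into one rule set, as an added example that is not part of the original thread. The chain name `LOGDROP_8676`, the log prefix and the 5/min log rate limit are assumptions; the function only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: emit (dry run) the iptables commands for a log-then-drop
# sub-chain. Chain name, log prefix and rate limit are assumptions.

# build_rules PORT RANGE [CHAIN] -> prints one iptables command per line
build_rules() {
    port=$1 range=$2 chain=${3:-LOGDROP_8676}

    # Port must be an integer in 1..65535.
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }

    # iprange expects FIRST-LAST; allow only digits, dots and a single hyphen
    # so nothing else can end up in the generated command line.
    case $range in
        *[!0-9.-]*|*-*-*|-*|*-) echo "bad range: $range" >&2; return 1 ;;
        *-*) ;;
        *) echo "bad range: $range" >&2; return 1 ;;
    esac

    # Sub-chain: rate-limited LOG first, then DROP; INPUT jumps to it on match.
    cat <<EOF
iptables -t filter -N $chain
iptables -t filter -A $chain -m limit --limit 5/min -j LOG --log-prefix "DROP $port: "
iptables -t filter -A $chain -j DROP
iptables -t filter -A INPUT -p tcp --dport $port -m iprange --src-range $range -j $chain
EOF
}

# Dry run with the values from the thread; pipe the output to sh as root to apply.
build_rules 8676 172.150.0.0-172.250.255.255
```

Because `-A` appends, the INPUT rule only takes effect if no earlier rule in INPUT has already accepted the traffic.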