But how does one refer to a list of different IP addresses (e.g. a more general version of "-s 10.1.1.5")? Is this possible without writing multiple rules?
I wish to introduce a rule to only allow SSH access to the firewall from
three different IPs on the internal network and have only found this way
to do it so far:
iptables -A INPUT -i eth0 -s 10.1.1.5 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -s 10.1.1.11 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -s 10.1.1.20 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT [...] (the corresponding rule for related traffic)
The experiment:
iptables -A INPUT -i eth0 -s 10.1.1.5,10.1.1.11,10.1.1.20 -p tcp --dport 22 -j ACCEPT
does not work ("host/network not found").
Is there a proper syntax for this?
Not that I'm aware of. You could simplify it a bit through the use of a shell loop:
IPS="10.1.1.5 10.1.1.11 10.1.1.20"
for IP in $IPS; do
    iptables -A INPUT -i eth0 -s $IP -p tcp --dport 22 -j ACCEPT
done
iptables -A OUTPUT [...] (the corresponding rule for related traffic)
Though the first variable (IPS) isn't truly necessary, I find that it helps make it more readable overall.
-- Jamin W. Collins
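As an added example (not part of the thread above, and not Jamin's script), the same loop idea wrapped in a POSIX sh function that generates one INPUT rule per address and the OUTPUT rule for the return traffic, and that refuses anything that is not a literal IPv4 address. The refusal matters for two reasons: the "host/network not found" error in the question is iptables trying to resolve "10.1.1.5,10.1.1.11,10.1.1.20" as a hostname, and a hostname in -s is resolved once at load time, so a typo silently becomes a DNS lookup rather than an address match. The interface name eth0, port 22 and the use of the state match for the reply rule are assumptions; the function only prints the commands so they can be reviewed before being piped to a root shell. (Later iptables releases do accept a comma-separated list in -s and expand it into one rule per address, so on a current system the original experiment works; the generator below is still useful where the list comes from a variable or file.)

```shell
#!/bin/sh
# Added example, not from the original thread. Generates iptables commands
# restricting SSH to a list of source addresses; it does not apply them.
# Assumptions: interface and port given by the caller, IPv4 only, replies
# allowed via the state match on OUTPUT.

# Reject anything that is not a dotted-quad literal (optionally with /mask).
# A comma-separated list or a hostname would otherwise be handed to iptables,
# which resolves it as a name ("host/network not found") at load time.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
    esac
    # Exactly four dotted octets before any /mask.
    addr=${1%%/*}
    set -- $(printf '%s\n' "$addr" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# ssh_rules IFACE PORT ADDR... : print one INPUT rule per address, then the
# OUTPUT rule for established SSH sessions. Fails (prints nothing further)
# on the first invalid address so a bad list never becomes a partial ruleset.
ssh_rules() {
    iface="$1"; port="$2"; shift 2
    [ $# -gt 0 ] || { echo "ssh_rules: no addresses given" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "ssh_rules: bad address: $ip" >&2; return 1; }
        printf 'iptables -A INPUT -i %s -s %s -p tcp --dport %s -j ACCEPT\n' \
            "$iface" "$ip" "$port"
    done
    printf 'iptables -A OUTPUT -o %s -p tcp --sport %s -m state --state ESTABLISHED -j ACCEPT\n' \
        "$iface" "$port"
}

# Number of rules that would be added; handy as a sanity check before applying.
ssh_rule_count() {
    ssh_rules "$@" | wc -l | tr -d ' '
}

# Usage (review the output first, then apply as root):
#   ssh_rules eth0 22 10.1.1.5 10.1.1.11 10.1.1.20
#   ssh_rules eth0 22 10.1.1.5 10.1.1.11 10.1.1.20 | sudo sh
```

Because the function prints rather than executes, it can be run unprivileged, the result diffed against the running ruleset, and the list of admin hosts kept in a file and passed with `ssh_rules eth0 22 $(cat admin-hosts.txt)`.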