Actually, matching addresses with patterns is not a common way to separate them. There are netmasks for that kind of job. They of course are less powerfull then regexps are but they are definitely enough for common tasks. Netmask is a binary mask which is applied to ip address. Condition '-s IP/NM' (where NM is NetMask) is true on ip-address X if (X & NM = IP & NM)
For example: Let IP = 192.168.1.1, which in binary code is 11000000.10101000.00000001.00000001 NM = 255.255.255.192, which in binary code is 11111111.11111111.11111111.11000000 IP & NM = 11000000.10101000.00000001.00000000 1) X = 192.168.1.17 => 11000000.10101000.00000001.00010001 X & NM = 11000000.10101000.00000001.00000000 = IP & NM X matches the condition 2) X = 192.168.2.17 => 11000000.10101000.00000010.00010001 X & NM = 11000000.10101000.00000010.00000000 != IP & NM no match 3) X = 192.168.1.128 => 11000000.10101000.00000010.10000000 X & NM = 11000000.10101000.00000001.10000000 != IP & NM no match actually netmask is a way to define which bits are significant and which are not usually first X bits are significant and last (32 - X) are not, thus you can simply write a netmask like /24 or something. /255.255.255.192 is equal to /26 On Thu, Nov 12, 2009 at 6:04 PM, Daniel Dalton <d.dal...@iinet.net.au> wrote: > Hi, > > Just one quick question regarding iptables: > How do I specify an ip address to act on with -s that matches a certain > pattern. For example, I want all addresses that begin with > 192.168.1.1 to make my rule true. 192.168.1.1* doesn't seem to work? > So how do I make any ip address starting with this pattern make the rule > true and therefore activated? > eg. > iptables -i INPUT -s 192.168.1.1* -p tcp --dport 22 -j ACCEPT > > How do I make this work for all ips that start with 192.168.1.1, the * > doesn't work. > > Thanks for any help. > > -- > Cheers, > Dan > > http://members.iinet.net.au/~ddalton/ > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iEYEARECAAYFAkr7+b8ACgkQQCYsNYjKJVDrpwCfWwlEQtfDHCRpVYoLIFapg6fj > bMsAn0/4w56LrkLPqK41iXv1ud1c22Js > =iRy9 > -----END PGP SIGNATURE----- > > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
