On Wednesday, 11 May 2005 14:14, Martin Köhling wrote:
Hi!
I want to enable several (ten) hosts to access my VPN. I am using SuSEfirewall and I have custom iptables rules in SuSEfirewall2-custom. Now I want to add one rule for all these hosts. I know that "!" is the wildcard for "any host but the following". How can I add an iptables rule affecting Source IPs from e.g. 1.1.1.10 to 1.1.1.20? I've been looking, but I didn't find anything.
You might try the "iprange" packet matching module (-m iprange); it's not documented in the man page, but "iptables -m iprange --help" prints the following (at the end):
iprange match v1.2.9 options:
[!] --src-range ip-ip        Match source IP in the specified range
[!] --dst-range ip-ip        Match destination IP in the specified range
So you should be able to use something like:
iptables -A INPUT -m iprange --src-range 1.1.1.10-1.1.1.20 -j ACCEPT
This is present in SuSE 9.1, but apparently not in earlier versions.
Martin

Cool. This is exactly what I was looking for. And it works.

--
With kind regards,
Markus Feilner
--
Feilner IT Linux & GIS
Linux Solutions, Training, Seminars and Workshops - also in-house
Beraiterweg 4
93047 Regensburg
phone +49 941 9465243
fax +49 941 9465244
mobile + +49 170 3027092
mail mfeilner@feilner-it.net
web http://www.feilner-it.net
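
For systems where the iprange match mentioned in the reply is not available, the same source range can be covered with a minimal set of CIDR blocks passed to `-s`. The following is an added example, not part of the original thread; the function names are hypothetical, and the script only prints the iptables commands for review rather than running them.

```sh
#!/bin/sh
# Added example: split an inclusive IPv4 range into the smallest set of
# CIDR blocks and print one "iptables -s" rule per block.

# Dotted quad -> integer (runs in a subshell so the IFS change stays local).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# Integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the CIDR blocks that exactly cover start..end, one per line.
range_to_cidrs() (
    cur=$(ip_to_int "$1")
    end=$(ip_to_int "$2")
    [ "$cur" -le "$end" ] || { echo "start must not exceed end" >&2; exit 1; }
    while [ "$cur" -le "$end" ]; do
        # Grow the block while cur stays aligned to the doubled size
        # and the doubled block still fits inside the range.
        size=1; prefix=32
        while [ "$prefix" -gt 0 ] &&
              [ $(( cur % (size * 2) )) -eq 0 ] &&
              [ $(( cur + size * 2 - 1 )) -le "$end" ]; do
            size=$(( size * 2 )); prefix=$(( prefix - 1 ))
        done
        echo "$(int_to_ip "$cur")/$prefix"
        cur=$(( cur + size ))
    done
)

# Print (not execute) one ACCEPT rule per block, mirroring the rule in the thread.
print_accept_rules() {
    cidrs=$(range_to_cidrs "$1" "$2") || return 1
    for cidr in $cidrs; do
        echo "iptables -A INPUT -s $cidr -j ACCEPT"
    done
}

# The range from the question, 1.1.1.10 to 1.1.1.20, needs four rules.
print_accept_rules 1.1.1.10 1.1.1.20
```

Checking the printed blocks against the intended first and last address before loading them guards against accidentally admitting neighbouring hosts.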