Re: ip range with iptables

[Kadlecsik Jozsi <kadlec () sunserv kfki hu>]

On Sat, 19 Apr 2003, Magosányi Árpád wrote:

> A levelezőm azt hiszi, hogy Wijaya, J. a következőeket írta:
> > I am trying to block yahoo messenger for my LAN, but only on certain ip
> > range, how can i do this? i already read some articles that we can't do
> > this with iptables, but is there any other way to work around this task??
>
> I have ran into the problem just two days ago. József Kadlecsik made some
> vague promise-like statements to the phone about writing a match for the
> ip range case.

I have just committed the iprange match in the netfilter cvs
as a base patch in patch-o-matic.

The new match makes possible to match source/destination IP addresses
against inclusive IP address ranges.

Examples:

iptables -A FORWARD -m iprange --src-range 192.168.1.5-192.168.1.124 -j ACCEPT
iptables -A FORWARD -m iprange --dst-range 10.0.0.0-10.5.255.255.255 -j ACCEPT

Visit http://www.netfilter.org on how to access the cvs repository.

Best regards,
Jozsef
--
E-mail : kadlec () sunserv kfki hu, kadlec () blackhole kfki hu
PGP key: http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address: KFKI Research Institute for Particle and Nuclear Physics
         H-1525 Budapest 114, POB. 49, Hungary

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards