[wplug] iptables multiple addresses?

James O'Kane jo2y at midnightlinux.com
Fri Dec 13 19:08:50 EST 2002


On Fri, 13 Dec 2002, Kubbie wrote:
> Sorry, forgot this, since I was interrupted when writing this...
> 
> iptables -A FORWARD -p udp -s $eeserver --sport 3121 \
> 	-d 111.111.111.1 --dport 26500 \
> 	-m state --state NEW,ESTABLISHED -j ACCEPT
> 

I'm hoping the 111.111.111 part is just an example.

You can add a netmask to the end of an IP address to make it be a block of
IPs.

111.111.111.0/255.255.255.0   would be everything from .0 to .255
111.111.111.0/255.255.255.128 would be 0-127   (128 addresses)
111.111.111.0/255.255.255.192 would be 0-63    (64 addresses)
111.111.111.0/255.255.255.224 would be 0-31    (32 addresses)
                         .240          0-15     16
                         .248          0-7      8
                         .252          0-3      4
                         .254          0-1      2
                         .255          0        1


From what I can remember off the top of my head, those are the only size
groups you can do. If you want a different range other than starting at 0,
you can change the 111.111.111.0 part to be .128 for example.
So 111.111.111.128/255.255.255.128 would be .128-.255 (still 128
addresses).


If you want to know more, this is called Classless Inter-Domain Routing
(CIDR).

I'm not sure if this will still be relevant:
http://www.wplug.org/~jo2y/talks/iptables/slides/ 

I started working on an updated version, but was sidetracked by school.

-james
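
Added example (not part of the original message): Python code, using the standard ipaddress module, that computes which addresses an address/netmask pair covers and flags an address that does not sit at the start of its block. It goes one step beyond the message by splitting an arbitrary range into such blocks and emitting one copy of the quoted FORWARD rule per block; the function names and the .10-.50 range are constructed for illustration.

```python
import ipaddress

def block_range(spec):
    """Return (first, last, count, aligned) for an 'address/netmask' spec."""
    addr = ipaddress.IPv4Address(spec.split("/")[0])
    # strict=False clears any address bits outside the mask instead of raising
    net = ipaddress.IPv4Network(spec, strict=False)
    # aligned is False when the written address is not the start of its block
    aligned = addr == net.network_address
    return (str(net.network_address), str(net.broadcast_address),
            net.num_addresses, aligned)

def blocks_for_range(first, last):
    """Cover first..last (inclusive) with the fewest address/netmask blocks."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [f"{n.network_address}/{n.netmask}" for n in nets]

def forward_rules(first, last):
    """One copy of the quoted FORWARD rule per block covering the range."""
    template = ("iptables -A FORWARD -p udp -s $eeserver --sport 3121 "
                "-d {dst} --dport 26500 "
                "-m state --state NEW,ESTABLISHED -j ACCEPT")
    return [template.format(dst=b) for b in blocks_for_range(first, last)]

if __name__ == "__main__":
    for spec in ("111.111.111.128/255.255.255.128",
                 "111.111.111.5/255.255.255.192"):   # second one is misaligned
        print(spec, "->", block_range(spec))
    # Constructed range: .10 through .50 is not a single block
    for rule in forward_rules("111.111.111.10", "111.111.111.50"):
        print(rule)
```

A misaligned spec such as 111.111.111.5/255.255.255.192 still matches the whole .0-.63 block, which is wider than the written address suggests, so checking the aligned flag before loading a rule catches that mistake.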




