[wplug] iptables multiple addresses?
James O'Kane
jo2y at midnightlinux.com
Fri Dec 13 19:08:50 EST 2002
On Fri, 13 Dec 2002, Kubbie wrote:
> Sorry, forgot this, since I was interrupted when writing this...
>
> iptables -A FORWARD -p udp -s $eeserver --sport 3121 \
> -d 111.111.111.1 --dport 26500 \
> -m state --state NEW,ESTABLISHED -j ACCEPT
>
I'm hoping the 111.111.111 part is just an example.
You can add a netmask to the end of an IP address to make it be a block of
IPs. 111.111.111.0/255.255.255.0 would be everything from .0 to .255
111.111.111.0/255.255.255.128 would be 0-127 (128 addresses)
111.111.111.0/255.255.255.192 would be 0-63 (64 addresses)
111.111.111.0/255.255.255.224 would be 0-31 (32 addresses)
.240 0-15 16
.248 0-7 8
.252 0-3 4
.254 0-1 2
.255 0 1
>From what I can remember of the top of my head, those are the only size
groups you can do. If you want a different range other than starting at 0,
you can change the 111.111.111.0 part to be .128 for example.
so 111.111.111.128/255.255.255.128 would be .128-.255 (still 128
addresses)
If you want to know more, this is called Classless Inter-Domain Routing
(CIDR)
I'm not sure if this will still be relevant:
http://www.wplug.org/~jo2y/talks/iptables/slides/
I started working on an updated version, but was sidetracked by school.
-james
More information about the wplug
mailing list