[wplug] iptables multiple addresses?
Kubbie
squeakers2k at icqmail.com
Fri Dec 13 23:26:27 EST 2002
Thanks!
-----Original Message-----
From: wplug-admin at wplug.org [mailto:wplug-admin at wplug.org]On Behalf Of
James O'Kane
Sent: Friday, December 13, 2002 7:09 PM
To: wplug at wplug.org
Subject: RE: [wplug] iptables multiple addresses?
On Fri, 13 Dec 2002, Kubbie wrote:
> Sorry, forgot this, since I was interrupted when writing this...
>
> iptables -A FORWARD -p udp -s $eeserver --sport 3121 \
> -d 111.111.111.1 --dport 26500 \
> -m state --state NEW,ESTABLISHED -j ACCEPT
>
I'm hoping the 111.111.111 part is just an example.
You can add a netmask to the end of an IP address to make it be a block of
IPs. 111.111.111.0/255.255.255.0 would be everything from .0 to .255
111.111.111.0/255.255.255.128 would be 0-127 (128 addresses)
111.111.111.0/255.255.255.192 would be 0-63 (64 addresses)
111.111.111.0/255.255.255.224 would be 0-31 (32 addresses)
.240 0-15 16
.248 0-7 8
.252 0-3 4
.254 0-1 2
.255 0 1
>From what I can remember of the top of my head, those are the only size
groups you can do. If you want a different range other than starting at 0,
you can change the 111.111.111.0 part to be .128 for example.
so 111.111.111.128/255.255.255.128 would be .128-.255 (still 128
addresses)
If you want to know more, this is called Classless Inter-Domain Routing
(CIDR)
I'm not sure if this will still be relevant:
http://www.wplug.org/~jo2y/talks/iptables/slides/
I started working on an updated version, but was sidetracked by school.
-james
_______________________________________________
wplug mailing list
wplug at wplug.org
http://www.wplug.org/mailman/listinfo/wplug
More information about the wplug
mailing list