When creating iptables rules, one typically refers either to an
interface:
-i eth0
or to an IP address:
-s 10.1.1.5
or to an IP net/mask:
-d 192.168.0.0/24
But how does one refer to a list of different IP addresses (e.g. a more
general version of "-s 10.1.1.5")? Is this possible without writing
multiple rules?
I wish to introduce a rule to only allow SSH access to the firewall from
three different IPs on the internal network and have only found this way
to do it so far:
iptables -A INPUT -i eth0 -s 10.1.1.5 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -s 10.1.1.11 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -s 10.1.1.20 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT [...] (the corresponding rule for related traffic)
The experiment:
iptables -A INPUT -i eth0 -s 10.1.1.5,10.1.1.11,10.1.1.20 -p tcp --dport 22 -j ACCEPT
does not work ("host/network not found").
Is there a proper syntax for this?
Cheers,
Dave.
--
Please don't CC me on list messages!
...
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
Attachment:
signature.asc
Description: Digital signature