When creating iptables rules, one typically refers either to an interface:

    -i eth0

or to an IP address:

    -s 10.1.1.5

or to an IP net/mask:

    -d 192.168.0.0/24

But how does one refer to a list of different IP addresses (e.g. a more general version of "-s 10.1.1.5")? Is this possible without writing multiple rules?

I wish to introduce a rule to only allow SSH access to the firewall from three different IPs on the internal network and have only found this way to do it so far:

    iptables -A INPUT -i eth0 -s 10.1.1.5 -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -i eth0 -s 10.1.1.11 -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -i eth0 -s 10.1.1.20 -p tcp --dport 22 -j ACCEPT
    iptables -A OUTPUT [...] (the corresponding rule for related traffic)

The experiment:

    iptables -A INPUT -i eth0 -s 10.1.1.5,10.1.1.11,10.1.1.20 -p tcp --dport 22 -j ACCEPT

does not work ("host/network not found"). Is there a proper syntax for this?

Cheers,
Dave.

-- 
Please don't CC me on list messages!
...
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
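As an added example (not part of Dave's message), the following script keeps the one-rule-per-address approach from the message but generates the rules from a single list, so the allowed hosts live in one place and the per-host rules plus the reply-traffic rule are emitted together. The interface, port and address list are assumptions taken from the message; the script only prints the iptables commands, and applying them (as root) is a separate step.

```shell
#!/bin/sh
# Added example: build the SSH allow-list rules from one list of addresses.
# Nothing is applied here; the commands are printed so they can be reviewed
# first and then piped to sh as root.

IFACE="eth0"      # assumed internal interface
SSH_PORT="22"     # SSH port
# Constructed list of the three internal hosts allowed to reach SSH.
ALLOWED_SSH_SOURCES="10.1.1.5 10.1.1.11 10.1.1.20"

# ssh_allow_rules IFACE PORT ADDR...
# Prints one INPUT ACCEPT rule per source address, followed by the single
# OUTPUT rule that lets replies for those accepted connections leave.
ssh_allow_rules() {
    iface="$1"
    port="$2"
    shift 2
    for src in "$@"; do
        printf 'iptables -A INPUT -i %s -s %s -p tcp --dport %s -j ACCEPT\n' \
            "$iface" "$src" "$port"
    done
    # Reply traffic for connections that were accepted above (conntrack state,
    # rather than matching on addresses again).
    printf 'iptables -A OUTPUT -o %s -p tcp --sport %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$iface" "$port"
}

# Word splitting of ALLOWED_SSH_SOURCES is intentional: one argument per host.
ssh_allow_rules "$IFACE" "$SSH_PORT" $ALLOWED_SSH_SOURCES
```

Review the printed rules, then apply them with `sh script.sh | sudo sh`; adding a host later means editing only ALLOWED_SSH_SOURCES and re-running, rather than hand-editing several near-identical rules.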