Question
Here is my iptables. How can I make it so that I can allow a range of IPs on ETH1 (10.51.x.x)?
```
# Generated by iptables-save v1.4.4 on Thu Jul 8 13:00:14 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
-A fail2ban-ssh -j RETURN
COMMIT
```
If you only want to allow a certain range of IP addresses inside of 10.50.0.0 (such as from 10.50.10.20 through 10.50.10.80) you can use the following command:
If you want to allow the entire range you can use this instead:
See iptables man page and this question here on ServerFault: Whitelist allowed IPs (in/out) using iptables
This message was edited 4 times. Last update was at 13/05/2020 07:56:27
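Rule order matters for the ruleset in the question: its INPUT chain ends with a LOG rule and an unconditional REJECT, so an ACCEPT appended with `-A` would sit after them and never match. The script below is an added example, not part of the original question or answer; it assumes the interface is named `eth1` and reads "10.51.x.x" as `10.51.0.0/16`, and it places the new rule just before the catch-all.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: interface name eth1,
# and "10.51.x.x" read as 10.51.0.0/16.
RULE_SUBNET='-A INPUT -i eth1 -s 10.51.0.0/16 -j ACCEPT'
# Partial range (the answer's example addresses) via the iprange match:
RULE_RANGE='-A INPUT -i eth1 -m iprange --src-range 10.50.10.20-10.50.10.80 -j ACCEPT'

# Constructed sample: a trimmed copy of the ruleset in the question.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Print the 1-based position of the first catch-all rule in INPUT: a LOG,
# REJECT or DROP target with no -s/-d/-i/-p restriction.
catchall_position() {
    awk '/^-A INPUT / { n++
         if (/ -j (LOG|REJECT|DROP)( |$)/ && !/ -(s|d|i|p) /) { print n; exit } }'
}

# Read iptables-save text on stdin; write it back with rule $1 placed
# immediately before that catch-all, so the ACCEPT is actually reached.
insert_before_catchall() {
    awk -v rule="$1" '
        !done && /^-A INPUT / && / -j (LOG|REJECT|DROP)( |$)/ && !/ -(s|d|i|p) / {
            print rule; done = 1 }
        { print }'
}

# Patched ruleset, then the equivalent command for a live table.
sample_ruleset | insert_before_catchall "$RULE_SUBNET"
echo "iptables -I INPUT $(sample_ruleset | catchall_position) ${RULE_SUBNET#-A INPUT }"
```

The patched output can be checked with `iptables-restore --test` (as root) before it is loaded.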