Re: [fw-wiz] ip range with iptables

From: Kadlecsik Jozsi (kadlec@sunserv.kfki.hu)
Date: 04/23/03

  • Next message: Carl Friedberg: "RE: [fw-wiz] secure infrastructure question" 
    From: Kadlecsik Jozsi <kadlec@sunserv.kfki.hu>
To: Magosányi Árpád <mag@bunuel.tii.matav.hu>
Date: Wed, 23 Apr 2003 15:46:18 +0200 (MEST)

    On Sat, 19 Apr 2003, Magosányi Árpád wrote:

    > A levelezőm azt hiszi, hogy Wijaya, J. a következőeket írta:
    > > I am trying to block yahoo messenger for my LAN, but only on certain ip
    > > range, how can i do this? i already read some articles that we can't do
    > > this with iptables, but is there any other way to work around this task??
    >
    > I have ran into the problem just two days ago. József Kadlecsik made some
    > vague promise-like statements to the phone about writing a match for the
    > ip range case.

    I have just committed the iprange match in the netfilter cvs
    as a base patch in patch-o-matic.

    The new match makes possible to match source/destination IP addresses
    against inclusive IP address ranges.

    Examples:

    iptables -A FORWARD -m iprange --src-range 192.168.1.5-192.168.1.124 -j ACCEPT
    iptables -A FORWARD -m iprange --dst-range 10.0.0.0-10.5.255.255.255 -j ACCEPT

    Visit http://www.netfilter.org on how to access the cvs repository.

    Best regards,
    Jozsef 

    --
E-mail : kadlec@sunserv.kfki.hu, kadlec@blackhole.kfki.hu
PGP key: http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address: KFKI Research Institute for Particle and Nuclear Physics
         H-1525 Budapest 114, POB. 49, Hungary
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: Carl Friedberg: "RE: [fw-wiz] secure infrastructure question"