At the risk of trying to further split an already split hair...
You can use the subnet mask, even if it does not represent the actual physical subnet.
Thus my local network is 192.168.1.0/24 but I subdivide it for iptables purposes into 192.168.1.0/25 for trusted machines and 192.168.1.128/25 for machines that are blocked completely. (My children like to attach friends' computers for games.)
But of course, that is still limited to contiguous address ranges.

Cameron.

> -----Original Message-----
> From: Michael Schwendt [mailto:rh0210ms@;arcor.de] 
> Sent: Tuesday, 12 November 2002 06:41
> To: [EMAIL PROTECTED]
> Subject: Re: Iptables
> 
> 
> On Mon, 11 Nov 2002 13:28:48 -0600 (CST), Yoink! wrote:
> 
> > On Mon, 11 Nov 2002, Michael Schwendt wrote:
> > > On Mon, 11 Nov 2002 13:43:48 +0800 (WST), Luke Brown wrote:
> > > > Just a quick question, is there a way to specify multiple 
> > > > addresses in an iptables statement?
> > >
> > > No, there isn't. Use a loop and your favourite shell.
> > 
> > Well, not exactly. You can specify subnets, like
> > 
> > iptables -I OUTPUT 1 -p tcp -d 192.168.0.0/24 --destination-port 80 -j REJECT
> > 
> > which will reject 192.168.0.0 all the way through 192.168.0.255
> 
> Well, he asked about "multiple addresses", not entire sub-nets.
> 
> You can also omit the rule number when using -I or --insert. 
> And then both your and my reply would be nothing else than 
> splitting hairs. ;-)
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
> https://listman.redhat.com/mailman/listinfo/redhat-list
> 
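The two approaches discussed in this thread, combined in an added example that is not part of any poster's message: one mask-based rule for the contiguous 192.168.1.128/25 half, plus a shell loop for scattered single addresses. The rules are printed rather than applied; the INPUT chain, the DROP target and the sample host list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands instead of running them (no root needed).

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 falls inside CIDR block $2 (e.g. 192.168.1.128/25).
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# Which half of the /24 from the thread does a host land in?
classify() {
    if in_cidr "$1" 192.168.1.0/25; then echo trusted
    elif in_cidr "$1" 192.168.1.128/25; then echo blocked
    else echo outside
    fi
}

# One rule covers the whole blocked half; non-contiguous hosts need a loop.
# Chain (INPUT) and target (DROP) are assumptions for illustration.
emit_rules() {
    echo "iptables -A INPUT -s 192.168.1.128/25 -j DROP"
    for host in "$@"; do
        # Skip hosts the /25 rule already covers.
        if [ "$(classify "$host")" = blocked ]; then continue; fi
        echo "iptables -A INPUT -s $host -j DROP"
    done
}

# Constructed sample: scattered addresses to block individually.
emit_rules 192.168.1.7 192.168.1.200 192.168.1.93
```

Review the printed rules before piping them to a root shell; 192.168.1.200 produces no rule of its own because the /25 rule already matches it.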


