Solved

[IPTABLES] Is it possible to add multiple sources (IPs) in a variable?

Posted on 2004-08-31
427 Views
Last Modified: 2012-06-21
For instance, I would like to only allow the 1.2.3.4 and 5.6.7.8 IPs to SSH into the server. I know I can do 2 separate lines, but I'm hoping to stick all the IPs I need in a variable like: ALLOWED_IPS=1.2.3.4,5.6.7.8. I just wasn't sure if iptables could read the ',' and know to allow those IPs from one line. I plan on making a few IPs only allowed to use certain ports in the firewall; this will just help me get started. Thank you.
Question by:afrazee
5 Comments
 

Author Comment

by:afrazee
ID: 11944449
Also, I need to know if this would work with MAC addresses. I hope so, fewer lines = better ;]
 
LVL 40

Expert Comment

by:jlevie
ID: 11946860
IPtables allows single IPs or a netblock (on standard subnet boundaries) to be specified. For discontiguous ranges or a range that isn't wholly contained in a standard subnet you must specify each IP individually.

Since MACs are by their nature unique, each will require a separate rule.
 

Author Comment

by:afrazee
ID: 11947055
I have seen some places that use kind of like a loop and a txt file, I think. I would like to do this, I'm just not very familiar with the syntax. Let me paste an example I have found:

#!/bin/bash

# Drop traffic from every address listed in badips.txt, one per line.
if [ -r badips.txt ]
then
        # Read line by line instead of word-splitting `cat` output;
        # -r keeps backslashes literal, blank lines and # comments are skipped.
        while read -r BAD_IP
        do
                case "$BAD_IP" in
                        ''|\#*) continue ;;
                esac
                iptables -A INPUT -s "$BAD_IP" -j DROP
        done < badips.txt
else
        echo "Can't read badips.txt" >&2
        exit 1
fi

I'm not sure if something like this would suit me or not... Would the above go into my firewall txt file?
 
LVL 40

Accepted Solution

by:jlevie (earned 50 total points)
ID: 11947721
It is possible to generate IPtables rules with a for loop in an IPtables setup script, either with a hard-coded loop or by reading data from a file. In most cases it is better to use an implicit DENY stance and then explicitly allow "safe" IPs.
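One way to do what the accepted answer describes, as an added example that is not from the thread or any of its participants: the comma-separated ALLOWED_IPS variable from the question is expanded into one ACCEPT rule per address for the SSH port, followed by a DROP so anything not listed is denied. It assumes IPT is either the real iptables binary or, by default, an echo that only prints the rules so they can be inspected first.

```shell
#!/bin/sh
# Added example (not from the thread). Expands ALLOWED_IPS into one
# iptables ACCEPT rule per address for the SSH port, then appends a
# DROP so the stance is deny-by-default. IPT defaults to a dry run
# that prints the rules; set IPT=/sbin/iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"

ALLOWED_IPS="1.2.3.4,5.6.7.8"   # the addresses from the question
SSH_PORT=22

# ssh_rules PORT LIST: emit rules for the comma-separated LIST.
ssh_rules() {
    port="$1"
    list="$2"
    old_ifs="$IFS"
    IFS=','
    set -f                 # no glob expansion while splitting
    set -- $list           # split LIST on commas into $1 $2 ...
    set +f
    IFS="$old_ifs"
    for ip; do
        # iptables takes one address or CIDR per -s; anything else
        # (empty token, stray characters) is reported and skipped
        # rather than handed to the firewall command.
        case "$ip" in
            ''|*[!0-9./]*) echo "skipping bad address: $ip" >&2; continue ;;
        esac
        $IPT -A INPUT -p tcp --dport "$port" -s "$ip" -j ACCEPT
    done
    # Everything not explicitly allowed above is dropped.
    $IPT -A INPUT -p tcp --dport "$port" -j DROP
}

ssh_rules "$SSH_PORT" "$ALLOWED_IPS"
```

To take the list from a file instead, as asked in the follow-up comment, join the lines into the same comma-separated form first: ssh_rules 22 "$(grep -v '^#' allowed.txt | paste -sd, -)".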

Author Comment

by:afrazee
ID: 11948157
Thank you, but I figured it out on my own. Works wonderfully, thanks ;]
