Solved

[IPTABLES] Is it possible to add multiple sources (IPs) in a variable?

Posted on 2004-08-31
5
438 Views
Last Modified: 2012-06-21
For instance, i would like to only allow 1.2.3.4 and 5.6.7.8 IPs to be allowed to SSH into the server, i know i can do 2 seperate lines, but im hoping to stick all the IPs i need in a variable like: ALLOWED_IPS=1.2.3.4,5.6.7.8  I just wasn't sure if iptables could read the ',' and know to allow those IPs from one line.  I plan on making a few IPs only to allowed to use certain ports in the firewall, this will just help me get started, thank you.
0
Comment
Question by:afrazee
  • 3
  • 2
5 Comments
 

Author Comment

by:afrazee
ID: 11944449
Also, i need to know if this would work with MAC addresses, I hope so, less lines = better ;]
0
 
LVL 40

Expert Comment

by:jlevie
ID: 11946860
IPtables allows single IP's or a netblock (on standard subnet boundaries) to be specified. For discontiguous ranges or a range that isn't wholly contain in a standard subnet you must specify each IP individually.

Since MAC's are by their nature unique each will require a separate rule.
0
 

Author Comment

by:afrazee
ID: 11947055
I have seen some places that use kind of like a loop and a txt file i think, i would like to do this, im just not very familiar with the syntax's, let me paste an example i have found:

#!/bin/bash

if [ -f badips.txt ]
then
        for BAD_IP in `cat badips.txt`
        do
                iptables -A INPUT -s $BAD_IP -j DROP
        done
else
        echo "Can't read badips.txt"
fi

I'm not sure if something like this would suit me or not.. would the above go into my firewall txt file?  
0
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 11947721
It is possible to generate IPtables rules with a for loop in an IPtables setup script, either with a hard coded loop or by reading data from a file. In most cases it is better to use an implicit DENY stance and then explictly allow "safe" IP's.
0
 

Author Comment

by:afrazee
ID: 11948157
thank you, but i figured it out on my own, works wonderful, thanks ;]

0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Outgoing Traffic 11 77
Linux Permissions Issue (Can't Upload) 6 88
IPA - change main server? 3 154
Help With Shell Script Centos 6 6 70
​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Fine Tune your automatic Updates for Ubuntu / Debian
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question