[IPTABLES] Is it possible to add multiple sources (IPs) in a variable?
For instance, i would like to only allow 1.2.3.4 and 5.6.7.8 IPs to be allowed to SSH into the server, i know i can do 2 seperate lines, but im hoping to stick all the IPs i need in a variable like: ALLOWED_IPS=1.2.3.4,5.6.7.
Who is Participating?
LVL 40
It is possible to generate IPtables rules with a for loop in an IPtables setup script, either with a hard coded loop or by reading data from a file. In most cases it is better to use an implicit DENY stance and then explictly allow "safe" IP's.
IPtables allows single IP's or a netblock (on standard subnet boundaries) to be specified. For discontiguous ranges or a range that isn't wholly contain in a standard subnet you must specify each IP individually.
Since MAC's are by their nature unique each will require a separate rule.
Since MAC's are by their nature unique each will require a separate rule.
I have seen some places that use kind of like a loop and a txt file i think, i would like to do this, im just not very familiar with the syntax's, let me paste an example i have found:
#!/bin/bash
if [ -f badips.txt ]
then
for BAD_IP in `cat badips.txt`
do
iptables -A INPUT -s $BAD_IP -j DROP
done
else
echo "Can't read badips.txt"
fi
I'm not sure if something like this would suit me or not.. would the above go into my firewall txt file?
#!/bin/bash
if [ -f badips.txt ]
then
for BAD_IP in `cat badips.txt`
do
iptables -A INPUT -s $BAD_IP -j DROP
done
else
echo "Can't read badips.txt"
fi
I'm not sure if something like this would suit me or not.. would the above go into my firewall txt file?
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month7 days, 17 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
