Solved

[IPTABLES] Is it possible to add multiple sources (IPs) in a variable?

Posted on 2004-08-31
5
432 Views
Last Modified: 2012-06-21
For instance, i would like to only allow 1.2.3.4 and 5.6.7.8 IPs to be allowed to SSH into the server, i know i can do 2 seperate lines, but im hoping to stick all the IPs i need in a variable like: ALLOWED_IPS=1.2.3.4,5.6.7.8  I just wasn't sure if iptables could read the ',' and know to allow those IPs from one line.  I plan on making a few IPs only to allowed to use certain ports in the firewall, this will just help me get started, thank you.
0
Comment
Question by:afrazee
  • 3
  • 2
5 Comments
 

Author Comment

by:afrazee
ID: 11944449
Also, i need to know if this would work with MAC addresses, I hope so, less lines = better ;]
0
 
LVL 40

Expert Comment

by:jlevie
ID: 11946860
IPtables allows single IP's or a netblock (on standard subnet boundaries) to be specified. For discontiguous ranges or a range that isn't wholly contain in a standard subnet you must specify each IP individually.

Since MAC's are by their nature unique each will require a separate rule.
0
 

Author Comment

by:afrazee
ID: 11947055
I have seen some places that use kind of like a loop and a txt file i think, i would like to do this, im just not very familiar with the syntax's, let me paste an example i have found:

#!/bin/bash

if [ -f badips.txt ]
then
        for BAD_IP in `cat badips.txt`
        do
                iptables -A INPUT -s $BAD_IP -j DROP
        done
else
        echo "Can't read badips.txt"
fi

I'm not sure if something like this would suit me or not.. would the above go into my firewall txt file?  
0
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 11947721
It is possible to generate IPtables rules with a for loop in an IPtables setup script, either with a hard coded loop or by reading data from a file. In most cases it is better to use an implicit DENY stance and then explictly allow "safe" IP's.
0
 

Author Comment

by:afrazee
ID: 11948157
thank you, but i figured it out on my own, works wonderful, thanks ;]

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now