Solved

[IPTABLES] Is it possible to add multiple sources (IPs) in a variable?

Posted on 2004-08-31
Last Modified: 2012-06-21
For instance, I would like to only allow 1.2.3.4 and 5.6.7.8 IPs to be allowed to SSH into the server. I know I can do 2 separate lines, but I'm hoping to stick all the IPs I need in a variable like: ALLOWED_IPS=1.2.3.4,5.6.7.8  I just wasn't sure if iptables could read the ',' and know to allow those IPs from one line.  I plan on making a few IPs only allowed to use certain ports in the firewall; this will just help me get started, thank you.
Question by:afrazee

Author Comment

by:afrazee
ID: 11944449
Also, I need to know if this would work with MAC addresses. I hope so, less lines = better ;]

Expert Comment

by:jlevie
ID: 11946860
IPtables allows single IP's or a netblock (on standard subnet boundaries) to be specified. For discontiguous ranges or a range that isn't wholly contained in a standard subnet you must specify each IP individually.

Since MAC's are by their nature unique each will require a separate rule.

Author Comment

by:afrazee
ID: 11947055
I have seen some places that use kind of like a loop and a txt file, I think. I would like to do this; I'm just not very familiar with the syntax. Let me paste an example I have found:

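#!/bin/bash

# Drop all traffic from every address listed in badips.txt (one per line).
if [ -r badips.txt ]
then
        while IFS= read -r BAD_IP
        do
                # Skip blank lines so iptables never gets an empty source.
                [ -n "$BAD_IP" ] || continue
                iptables -A INPUT -s "$BAD_IP" -j DROP
        done < badips.txt
else
        echo "Can't read badips.txt" >&2
fi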

I'm not sure if something like this would suit me or not. Would the above go into my firewall txt file?
Accepted Solution

by:
jlevie earned 150 total points
ID: 11947721
It is possible to generate IPtables rules with a for loop in an IPtables setup script, either with a hard coded loop or by reading data from a file. In most cases it is better to use an implicit DENY stance and then explicitly allow "safe" IP's.
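
The approach described in the accepted answer, as an added example that is not part of the original thread: a script that reads allowed SSH sources from a file, validates each one, and prints one rule per source followed by a final DROP for the port. The file format, the default port 22, the function name and the choice to print rules rather than apply them are assumptions of this example.

```shell
#!/bin/sh
# Added example: print (do not apply) SSH allow-list rules built from a file.
# Assumed format: one IPv4 address, CIDR block or MAC address per line;
# '#' starts a comment. File name and port are the caller's choice.

oct='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
ip_re="^(${oct}\.){3}${oct}(/([0-9]|[12][0-9]|3[0-2]))?\$"
mac_re='^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'

ssh_allow_rules() {
    file=$1
    port=${2:-22}
    [ -r "$file" ] || { echo "Can't read $file" >&2; return 1; }
    while IFS= read -r entry || [ -n "$entry" ]; do
        # Drop comments and surrounding whitespace.
        entry=$(printf '%s\n' "$entry" |
                sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        [ -n "$entry" ] || continue
        # Only strictly validated values are ever placed in a rule, so a
        # malformed or hostile line cannot add options to the command.
        if printf '%s\n' "$entry" | grep -Eq "$ip_re"; then
            echo "iptables -A INPUT -p tcp --dport $port -s $entry -j ACCEPT"
        elif printf '%s\n' "$entry" | grep -Eq "$mac_re"; then
            echo "iptables -A INPUT -p tcp --dport $port -m mac --mac-source $entry -j ACCEPT"
        else
            echo "skipping invalid entry: $entry" >&2
        fi
    done < "$file"
    # Explicit deny for every source not allowed above.
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

if [ $# -eq 0 ]; then
    # Constructed sample input; 1.2.3.4 and 5.6.7.8 are the question's addresses.
    demo=$(mktemp)
    printf '%s\n' '# allowed SSH sources' '1.2.3.4' '5.6.7.8' \
        '00:11:22:33:44:55' '9.9.9.999' > "$demo"
    ssh_allow_rules "$demo"
    rm -f "$demo"
else
    ssh_allow_rules "$@"
fi
```

Review the printed rules before piping them to a root shell; because they are appended with -A, any earlier rule in INPUT that already matches the traffic takes precedence.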

Author Comment

by:afrazee
ID: 11948157
Thank you, but I figured it out on my own, works wonderful, thanks ;]
