[IPTABLES] Is it possible to add multiple sources (IPs) in a variable?

For instance, I would like to only allow the IPs 1.2.3.4 and 5.6.7.8 to SSH into the server. I know I can do 2 separate lines, but I'm hoping to stick all the IPs I need in a variable like: ALLOWED_IPS=1.2.3.4,5.6.7.8. I just wasn't sure if iptables could read the ',' and know to allow those IPs from one line. I plan on allowing only a few IPs to use certain ports in the firewall; this will just help me get started. Thank you.
afrazee Asked:
 
jlevie Commented:
It is possible to generate IPtables rules with a for loop in an IPtables setup script, either with a hard-coded loop or by reading data from a file. In most cases it is better to use an implicit DENY stance and then explicitly allow "safe" IPs.
 
afrazee (Author) Commented:
Also, I need to know if this would work with MAC addresses. I hope so, less lines = better ;]
 
jlevie Commented:
IPtables allows single IPs or a netblock (on standard subnet boundaries) to be specified. For discontiguous ranges or a range that isn't wholly contained in a standard subnet you must specify each IP individually.

Since MACs are by their nature unique, each will require a separate rule.
 
afrazee (Author) Commented:
I have seen some places that use kind of like a loop and a txt file, I think. I would like to do this, I'm just not very familiar with the syntax. Let me paste an example I have found:

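#!/bin/bash
# Append a DROP rule for every address listed in badips.txt.

# -r checks that the file exists and is readable
if [ -r badips.txt ]
then
        # Entries are split on whitespace, so one or several per line both work
        for BAD_IP in $(cat badips.txt)
        do
                iptables -A INPUT -s "$BAD_IP" -j DROP
        done
else
        echo "Can't read badips.txt" >&2
fi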

I'm not sure if something like this would suit me or not. Would the above go into my firewall txt file?
 
afrazee (Author) Commented:
Thank you, but I figured it out on my own, works wonderful, thanks ;]
Question has a verified solution.
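
The approach discussed in this thread (a comma-separated variable expanded by a loop in the setup script, explicit allows followed by a deny), as an added example that is not part of the original thread or any participant's code. The helper names valid_ipv4 and ssh_allow_rules and the default port 22 are assumptions; the script only prints the iptables commands so they can be reviewed before use.

```shell
#!/bin/bash
# Added example: expand one comma-separated variable into per-source rules.
# Helper names and the default port are assumptions. Commands are printed,
# not executed, so the rule set can be reviewed first.
ALLOWED_IPS="1.2.3.4,5.6.7.8"    # the two addresses from the question

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    local ip="${1%%/*}" octet n=0
    if [ "$ip" != "$1" ]; then                  # a /prefix was supplied
        case ${1#*/} in ''|*[!0-9]*|???*) return 1 ;; esac
        [ "${1#*/}" -le 32 ] || return 1
    fi
    # Only digits and dots, and no more than three dots
    case $ip in ''|*[!0-9.]*|*.*.*.*.*) return 1 ;; esac
    local IFS=.
    for octet in $ip; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Print one ACCEPT rule per valid source, then a DROP for every other source.
# The body is a subshell so the IFS and noglob changes do not leak out.
# Exit status is 1 if any entry was rejected, so a caller can refuse to apply.
ssh_allow_rules() (
    port="${2:-22}"; rc=0
    set -f; IFS=,
    for src in $1; do
        if valid_ipv4 "$src"; then
            echo "iptables -A INPUT -p tcp -s $src --dport $port -j ACCEPT"
        else
            echo "rejected entry: '$src'" >&2; rc=1
        fi
    done
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    exit "$rc"
)

ssh_allow_rules "$ALLOWED_IPS"
```

Recent iptables releases also accept a comma-separated list directly after -s and expand it into one rule per address when adding with -A.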