iptables multiple IPs

Posted on 2009-04-28
Last Modified: 2013-11-16
I'm extremely new to iptables and I need to block all outgoing traffic on port 25 except from a few machines. I have it set up for 1 IP, but how do I set it up for multiple? Here is the code I have. A.A.A.A is the IP. I have 3 mail servers that I need to allow through.

# Used for private firewall rules

# See how we were called.
case "$1" in
  start)
        ## add your 'start' rules here

        # Add SMTP Block: log, then drop, forwarded TCP/25 from every source
        # except A.A.A.A. "! -s" is the current negation syntax; the older
        # "-s !" form is deprecated.
        /sbin/iptables -A CUSTOMFORWARD -p tcp ! -s A.A.A.A --destination-port 25 -i eth0 -j LOG --log-prefix "PORT25_REFUSED"
        /sbin/iptables -A CUSTOMFORWARD -p tcp ! -s A.A.A.A --destination-port 25 -i eth0 -j DROP
        ;;
  stop)
        ## add your 'stop' rules here

        # Remove SMTP Block: same match as above, -D instead of -A
        /sbin/iptables -D CUSTOMFORWARD -p tcp ! -s A.A.A.A --destination-port 25 -i eth0 -j LOG --log-prefix "PORT25_REFUSED"
        /sbin/iptables -D CUSTOMFORWARD -p tcp ! -s A.A.A.A --destination-port 25 -i eth0 -j DROP
        ;;
  reload)
        $0 stop
        $0 start
        ## add your 'reload' rules here
        ;;
  *)
        echo "Usage: $0 {start|stop|reload}"
        exit 1
        ;;
esac


Question by:anauj0101

    Accepted Solution

    What I would suggest is that you code multiple accepts for the IP addresses you want, and then code a final drop something like:

    # One ACCEPT per allowed mail server; these must come before the catch-all
    # rules below. --state needs the state match (-m state), and a rule takes
    # a single -j target.
    /sbin/iptables -A CUSTOMFORWARD -p tcp -s a.a.a.1 --destination-port 25 -i eth0 -m state --state NEW,ESTABLISHED -j ACCEPT
    /sbin/iptables -A CUSTOMFORWARD -p tcp -s a.a.a.2 --destination-port 25 -i eth0 -m state --state NEW,ESTABLISHED -j ACCEPT
    /sbin/iptables -A CUSTOMFORWARD -p tcp -s a.a.a.3 --destination-port 25 -i eth0 -m state --state NEW,ESTABLISHED -j ACCEPT
    # Log, then drop, TCP/25 from every source not accepted above (no -s here,
    # and the target is LOG)
    /sbin/iptables -A CUSTOMFORWARD -p tcp --destination-port 25 -i eth0 -j LOG --log-prefix "PORT25_REFUSED"
    /sbin/iptables -A CUSTOMFORWARD -p tcp --destination-port 25 -i eth0 -j DROP
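
As an added example (not code from the original question or answer), here is the accepted answer's pattern generalized: one function emits the ordered ACCEPT-per-host, LOG and DROP rules from a single list, so the start (-A) and stop (-D) rule sets cannot drift apart, and DRY_RUN=1 lets you review the rules before they touch the kernel. The chain and interface names come from the question; the three 192.0.2.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post: the accepted answer's pattern
# (one ACCEPT per allowed host, then a catch-all LOG and DROP) generated from a
# single list, so the -A (start) and -D (stop) rule sets can never drift apart.
IPTABLES=${IPTABLES:-/sbin/iptables}
CHAIN=${CHAIN:-CUSTOMFORWARD}   # chain and interface names from the question
IFACE=${IFACE:-eth0}
# Constructed sample addresses for the three mail servers allowed to send on 25.
MAIL_SERVERS="192.0.2.10 192.0.2.11 192.0.2.12"

# smtp_rules ACTION IP...: print one iptables command per rule, in match order.
# ACTION is -A to install the rules or -D to remove the identical rules again.
# Per-host ACCEPTs are emitted first because iptables stops at the first match;
# -s takes one address, so every allowed host needs its own rule.
smtp_rules() {
    action=$1; shift
    for ip in "$@"; do
        printf '%s %s %s -i %s -p tcp -s %s --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT\n' \
            "$IPTABLES" "$action" "$CHAIN" "$IFACE" "$ip"
    done
    printf '%s %s %s -i %s -p tcp --dport 25 -j LOG --log-prefix "PORT25_REFUSED "\n' \
        "$IPTABLES" "$action" "$CHAIN" "$IFACE"
    printf '%s %s %s -i %s -p tcp --dport 25 -j DROP\n' \
        "$IPTABLES" "$action" "$CHAIN" "$IFACE"
}

# apply_smtp_rules ACTION: run each generated command; with DRY_RUN=1 the
# commands are only printed, which is how to review the rule set before use.
apply_smtp_rules() {
    smtp_rules "$1" $MAIL_SERVERS | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
        else
            eval "$cmd" || exit 1   # leave the loop subshell with failure
        fi
    done
}

case "$1" in
    start)  apply_smtp_rules -A ;;
    stop)   apply_smtp_rules -D ;;
    reload) apply_smtp_rules -D; apply_smtp_rules -A ;;
    '')     ;;                      # no argument: only define the functions
    *)      echo "Usage: $0 {start|stop|reload}" >&2; exit 1 ;;
esac
```

Run `DRY_RUN=1 sh smtp-egress.sh start` (the file name is an assumption) to print the five rules in order without installing them; the same list then drives `stop`.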
