Here is my iptables, how can I make it so that I can allow a range of ip's on ETH1 (10.51.x.x)
# Generated by iptables-save v1.4.4 on Thu Jul 8 13:00:14 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
-A fail2ban-ssh -j RETURN
COMMIT
If you only want to allow a certain range of IP addresses inside of 10.50.0.0 (such as from 10.50.10.20 through 10.50.10.80) you can use the following command:
If you want to allow the entire range you can use this instead:
See iptables man page and this question here on ServerFault: Whitelist allowed IPs (in/out) using iptables
For a specific port, say 22:
Well you did saw what you want to allow those IPs for but 10.51.x.x in CIDR translates to
10.50.0.0/16
. So it will be something like the line for the loopback interface that has127.0.0.0/8
.May give the following error:
To correct this just put the full ip instead like this:
Ref.:http://blog.capitar.com/iptables-ip-range-reversed/