IP tables script, multiple IP's ?

Post by Jeff Ber » Mon, 20 May 2002 14:32:09



I have written a script to setup my iptables and I only want to give certain
IP's from different networks access to my webserver.  I forgot how to use a
variable to use a bunch of IP's... can you tell me how?

basically instead of this:

iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 209.7.7.7 \
-d 209.209.209.2
iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 124.8.8.8 \
-d 209.209.209.2
iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 63.9.9.9 \
-d 209.209.209.2
iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 12.5.5.5 \
-d 209.209.209.2

I'd rather do something like this:

MYWWW = [209.7.7.7, 124.8.8.8, 63.9.9.9, 12.5.5.5]
iptables -A INPUT -j ACCEPT -p tcp -i eth0 -dport www -s $MYWWW -d
209.209.209.2

but I don't have the syntax down yet.

Would you please correct my syntax?

Thanks,

Jeff

 
 
 

IP tables script, multiple IP's ?

Post by Luke Voge » Mon, 20 May 2002 16:03:11



> I have written a script to setup my iptables and I only want to give certain
> IP's from different networks access to my webserver.  I forgot how to use a
> variable to use a bunch of IP's... can you tell me how?

> basically instead of this:

> iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 209.7.7.7 \
> -d 209.209.209.2
> iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 124.8.8.8 \
> -d 209.209.209.2
> iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 63.9.9.9 \
> -d 209.209.209.2
> iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 12.5.5.5 \
> -d 209.209.209.2

> I'd rather do something like this:

> MYWWW = [209.7.7.7, 124.8.8.8, 63.9.9.9, 12.5.5.5]
> iptables -A INPUT -j ACCEPT -p tcp -i eth0 -dport www -s $MYWWW -d
> 209.209.209.2

> but I don't have the syntax down yet.

> Would you please correct my syntax?

> Thanks,

> Jeff

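IPTABLES=iptables   # iptables binary; use the full path if it is not in PATH
IP_LIST="209.7.7.7 124.8.8.8 63.9.9.9 12.5.5.5"

# One rule per source address ($IP_LIST is left unquoted so it splits on spaces)
for IP in $IP_LIST; do
    $IPTABLES -A INPUT -p tcp -i eth0 -s "$IP" \
        -d 209.209.209.2 --dport www -j ACCEPT
done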
--
Regards
Luke
------
Q:  What does FAQ stand for?
A:  We are Frequently Asked this Question, and we have no idea.
------
C.O.L.S FAQ - http://www.linuxsecurity.com/docs/colsfaq.html
Note: Remove NOSPAM from my return address if necessary
------

 
 
 

IP tables script, multiple IP's ?

Post by William Par » Mon, 20 May 2002 23:58:00



> I have written a script to setup my iptables and I only want to give certain
> IP's from different networks access to my webserver.  I forgot how to use a
> variable to use a bunch of IP's... can you tell me how?

> basically instead of this:

> iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 209.7.7.7 \
> -d 209.209.209.2
> iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 124.8.8.8 \
> -d 209.209.209.2
> iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 63.9.9.9 \
> -d 209.209.209.2
> iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 12.5.5.5 \
> -d 209.209.209.2

> I'd rather do something like this:

> MYWWW = [209.7.7.7, 124.8.8.8, 63.9.9.9, 12.5.5.5]
> iptables -A INPUT -j ACCEPT -p tcp -i eth0 -dport www -s $MYWWW -d
> 209.209.209.2

> but I don't have the syntax down yet.

> Would you please correct my syntax?

> Thanks,

> Jeff

You have to list the rules one by one, i.e.

    for ip in 209.7.7.7 124.8.8.8 63.9.9.9 12.5.5.5 ; do
        iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s $ip -d 209.209.209.2
    done

--

8-CPU Cluster, Hosting, NAS, Linux, LaTeX, python, vim, mutt, tin

 
 
 

IP tables script, multiple IP's ?

Post by Jeff Ber » Tue, 21 May 2002 01:07:42



> IP_LIST="209.7.7.7 124.8.8.8 63.9.9.9 12.5.5.5"

> for IP in $IP_LIST; do
>     $IPTABLES -A INPUT -p tcp -i eth0 -s $IP \
> -d 209.209.209.2 --dport www -j ACCEPT
> done
> --
> Regards
> Luke

Thanks.  That was it.

Jeff

 
 
 

IP tables script, multiple IP's ?

Post by macefin » Tue, 21 May 2002 03:14:34


Wanna try ippool from patch-o-matic?:)


>> IP_LIST="209.7.7.7 124.8.8.8 63.9.9.9 12.5.5.5"

>> for IP in $IP_LIST; do
>>     $IPTABLES -A INPUT -p tcp -i eth0 -s $IP \
>> -d 209.209.209.2 --dport www -j ACCEPT
>> done
>> --
>> Regards
>> Luke

>Thanks.  that was it.

>Jeff
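
A hardened variant of the loop given in the replies above, added here as an example and not code from any poster in the thread: it validates every allowlist entry before emitting a single rule, and ends with the DROP that makes the ACCEPT rules mean something. The function names, the IPTABLES default and the print-then-review flow are assumptions; the addresses are the sample ones used in the thread.

```shell
#!/bin/sh
# Added example; the addresses are the sample values from the thread.
IPTABLES="${IPTABLES:-iptables}"   # assumption: iptables is on PATH
WEB_DST="209.209.209.2"
ALLOWED="209.7.7.7 124.8.8.8 63.9.9.9 12.5.5.5"

# Return 0 only for a single dotted-quad IPv4 host address (octets 0-255).
# Hostnames, CIDR suffixes such as /0 and truncated addresses are rejected,
# so a typo cannot silently widen the allowlist.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one ACCEPT rule per allowed source, then a DROP for every other
# source. Nothing is printed if any entry is malformed (fail closed), so a
# bad list never produces a half-built ruleset.
emit_rules() {
    for ip in $1; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    for ip in $1; do
        echo "$IPTABLES -A INPUT -i eth0 -p tcp -s $ip -d $WEB_DST --dport www -j ACCEPT"
    done
    # Without this rule (or a DROP policy on INPUT) the allowlist filters nothing.
    echo "$IPTABLES -A INPUT -i eth0 -p tcp -d $WEB_DST --dport www -j DROP"
}

# Print the rules for review when asked; nothing is applied by this script.
if [ "${1:-}" = "--print" ]; then
    emit_rules "$ALLOWED"
fi
```

Run it with `--print` to review the generated commands, and pipe that output to `sh` as root only once the list looks right.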

 
 
 
