[Wylug-help] simple iptables rule

Gary Stainburn gary.stainburn at ringways.co.uk
Tue Feb 15 18:58:52 GMT 2005


On Tuesday 15 February 2005 5:44 pm, John Hodrien wrote:
> On Tue, 15 Feb 2005, John Hodrien wrote:
> > On Tue, 15 Feb 2005, Gary Stainburn wrote:
> >> Hi folks.
> >>
> >> I've got a RH7.3+errata box with eth1 visible to the internet.
> >> eth0 is internal.
> >>
> >> What do I need to put where so that iptables limits access to eth1
> >> to 1 specifc IP address while not affecting eth0 at all.
> >
> > iptables -i eth1 -s !specific.ip.add.ress -j DROP
> > iptables -o eth1 -d !specific.ip.add.ress -j DROP
>
> You'd need a space between the ! and the s if you used that one.
>
> jh

Without the space I got very weird errors, which I put down to bash
mangling the command.  With the space I get the following:-

[root at eddie root]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root at eddie root]# iptables -i eth1 -s ! 99.99.99.99 -j DROP
iptables v1.2.5: no command specified
Try `iptables -h' or 'iptables --help' for more information.
[root at eddie root]# iptables -o eth1 -s ! 99.99.99.99 -j DROP
iptables v1.2.5: no command specified
Try `iptables -h' or 'iptables --help' for more information.
[root at eddie root]#
--
Gary Stainburn

This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
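The "no command specified" error above is iptables complaining that the lines carry only match options (-i, -o, -s, -d) and no command: every rule needs a command such as -A plus a chain name. Below is an added helper script (mine, not from the thread or the list) that prints the complete rules for the stated goal, restricting the external interface to one peer while leaving eth0 alone; the interface, the chain set and the 99.99.99.99 placeholder are assumptions. It writes the negation as "! -s", the placement newer iptables releases expect; the 1.2.5 build in the thread uses the "-s ! addr" order shown there.

```shell
#!/bin/sh
# Added helper, hypothetical: builds the iptables rules the original poster
# was after, with the piece the failing commands lacked: a command (-A) and a
# chain, since -i/-o/-s/-d are only match options and cannot stand alone.
# 99.99.99.99 is the placeholder address used in the thread, not a real peer.

# Print the rules that restrict external interface $1 to peer $2, one per line.
# INPUT matches what arrives on the interface (-i/-s), OUTPUT what the box
# itself sends out of it (-o/-d); FORWARD is covered too so that traffic
# routed between eth0 and the external interface is held to the same peer.
# Nothing here touches rules for eth0, so internal traffic is unaffected.
lockdown_rules() {
    ext_if=$1
    peer=$2
    printf 'iptables -A INPUT -i %s ! -s %s -j DROP\n' "$ext_if" "$peer"
    printf 'iptables -A OUTPUT -o %s ! -d %s -j DROP\n' "$ext_if" "$peer"
    printf 'iptables -A FORWARD -i %s ! -s %s -j DROP\n' "$ext_if" "$peer"
    printf 'iptables -A FORWARD -o %s ! -d %s -j DROP\n' "$ext_if" "$peer"
}

# Number of rules lockdown_rules produces, as a sanity check before applying.
rule_count() {
    lockdown_rules "$1" "$2" | wc -l | tr -d ' '
}

# Apply the rules only when APPLY=1 is set and we are root; otherwise just
# show them so the command lines can be reviewed first (the default here).
apply_or_show() {
    if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
        lockdown_rules "$1" "$2" | sh -e
    else
        lockdown_rules "$1" "$2"
    fi
}

apply_or_show eth1 99.99.99.99
```

Because the chain policies on the box are ACCEPT, these DROP rules are the only thing keeping other hosts off eth1; check them with `iptables -L -v` after applying.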