[Wylug-help] Re: simple iptables rule

lee at leeevans.org lee at leeevans.org
Tue Feb 15 21:15:31 GMT 2005


you're not telling it what you want to do (append, insert, delete?) or where
you want to do it (INPUT, OUTPUT, FORWARD?). Looking at those commands it
looks like the first is relevant to INPUT and the second OUTPUT - but I'd
also assume you don't want to restrict outgoing internet traffic to the
single IP? In which case you don't want the second.

working that way you want

iptables -A INPUT -i eth1 -s ! your.ip.goes.here -j DROP

regards
lee

Gary Stainburn writes:

> On Tuesday 15 February 2005 5:44 pm, John Hodrien wrote:
>> On Tue, 15 Feb 2005, John Hodrien wrote:
>> > On Tue, 15 Feb 2005, Gary Stainburn wrote:
>> >> Hi folks.
>> >>
>> >> I've got a RH7.3+errata box with eth1 visible to the internet.
>> >> eth0 is internal.
>> >>
>> >> What do I need to put where so that iptables limits access to eth1
>> >> to 1 specific IP address while not affecting eth0 at all.
>> >
>> > iptables -i eth1 -s !specific.ip.add.ress -j DROP
>> > iptables -o eth1 -d !specific.ip.add.ress -j DROP
>>
>> You'd need a space between the ! and the s if you used that one.
>>
>> jh
>
> Without the space I got very weird errors, which I put down to bash
> mangling the command.  With the space I get the following:-
>
> [root at eddie root]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> [root at eddie root]# iptables -i eth1 -s ! 99.99.99.99 -j DROP
> iptables v1.2.5: no command specified
> Try `iptables -h' or 'iptables --help' for more information.
> [root at eddie root]# iptables -o eth1 -s ! 99.99.99.99 -j DROP
> iptables v1.2.5: no command specified
> Try `iptables -h' or 'iptables --help' for more information.
> [root at eddie root]#
> --
> Gary Stainburn
>
> This email does not contain private or confidential material as it
> may be snooped on by interested government parties for unknown
> and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
>
>
> _______________________________________________
> Wylug-help mailing list
> Wylug-help at wylug.org.uk
> http://list.wylug.org.uk/mailman/listinfo/wylug-help
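The rule Lee gives above, wrapped as an added shell example (not code from the thread): it appends to the INPUT chain only, so eth0 and the host's outgoing traffic are untouched, checks the address argument before iptables ever sees it, and defaults to a dry run that echoes each command. The address 99.99.99.99 and eth1 are the thread's values; the IPTABLES variable and the helper names are my own.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the INPUT-only restriction Lee
# describes and lets you preview the commands before applying them.
# IPTABLES defaults to a dry run that echoes each command; set
# IPTABLES=iptables (as root) to apply for real.
: "${IPTABLES:=echo iptables}"

# Reject anything that is not a dotted-quad IPv4 address, so a value such as
# "!99.99.99.99" (no space after the bang) never reaches iptables.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# restrict_iface IFACE ALLOWED_IP
# Appends (-A) to INPUT only: packets arriving on IFACE from any source other
# than ALLOWED_IP are dropped. The space after "!" is what iptables 1.2.5
# needed in the thread; without it the shell hands iptables a single token.
restrict_iface() {
    iface=$1; allowed=$2
    valid_ipv4 "$allowed" || { echo "bad IP: $allowed" >&2; return 1; }
    $IPTABLES -A INPUT -i "$iface" -s ! "$allowed" -j DROP
}

# Show what is in place: -n skips reverse DNS, -v adds the interface column
# so you can confirm the rule is bound to eth1 and not to every interface.
show_input_chain() {
    $IPTABLES -L INPUT -n -v
}

restrict_iface eth1 99.99.99.99
show_input_chain
```

INPUT only covers packets addressed to the box itself; if the box also routes for the eth0 network, traffic passing through it goes via FORWARD, which this rule does not touch.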
