my iptables Fu is weak today... but I will have a quick play.
THE RANGES CONVERTED TO HUMAN
heck that's a lot of IP's
now... ranges.. let me go read some things... IIRC they weren't supported.
Nope.. I'm wrong:
WHY I'M WRONG
hmm.. let's see if we support that.
iptables -I OUTPUT -m iprange --dst-range 220.127.116.11-18.104.22.168 -j DROP
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere destination IP range 22.214.171.124-126.96.36.199
ACCEPT all -- anywhere localhost.localdomain
NOTE: The order is important in this case I think. first match wins IIRC, so -I is important in the OUTPUT DROP ruleset. pre-pending the general ACCEPT all.
So yup looks like that would be a working solution if extrapolated from my single worked example and KNC1's list.
HOWEVER ON A 3 THIS GIVES:
[root@kindle fonts]# iptables -I OUTPUT -m iprange --dst-range 188.8.131.52-184.108.40.206 -j DROP
iptables v1.3.8: Couldn't load match `iprange':/usr/lib/iptables/libipt_iprange.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
So. err.. I was half right
works on a 5. not on the older devices.