my iptables Fu is weak today... but I will have a quick play.
THE RANGES CONVERTED TO HUMAN
Heck, that's a lot of IPs.
now... ranges.. let me go read some things... IIRC they weren't supported.
Nope.. I'm wrong:
WHY I'M WRONG
hmm.. let's see if we support that.
iptables -I OUTPUT -m iprange --dst-range 23.0.0.1-23.15.255.254 -j DROP
Quote:
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere destination IP range 23.0.0.1-23.15.255.254
ACCEPT all -- anywhere localhost.localdomain
NOTE: The order is important in this case, I think. First match wins, IIRC, so -I is important in the OUTPUT DROP ruleset, prepending it to the general ACCEPT all.
So yup looks like that would be a working solution if extrapolated from my single worked example and KNC1's list.
HTH
EDIT:
HOWEVER ON A 3 THIS GIVES:
Quote:
[root@kindle fonts]# iptables -I OUTPUT -m iprange --dst-range 23.0.0.1-23.15.255.254 -j DROP
iptables v1.3.8: Couldn't load match `iprange':/usr/lib/iptables/libipt_iprange.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
So, err... I was half right.
Works on a 5, not on the older devices.
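Added example, not part of the original post: on an iptables build where the `iprange` match cannot be loaded (the v1.3.8 error above), the same range can be blocked with plain `-d` CIDR rules. The function names below are made up for this sketch, and it prints the rules rather than running them.

```shell
#!/bin/sh
# Added example: expand an inclusive IPv4 range into CIDR blocks so it can be
# blocked with plain "-d" rules when the iprange match is unavailable.

ip2int() {  # dotted quad -> integer (subshell keeps the IFS change local)
    ( IFS=.; set -- $1
      echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )) )
}

int2ip() {  # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

range_to_cidrs() {  # usage: range_to_cidrs FIRST-LAST
    start=$(ip2int "${1%-*}")
    end=$(ip2int "${1#*-}")
    while [ "$start" -le "$end" ]; do
        bits=32
        size=1
        # Grow the block while it stays aligned on start and inside the range.
        while [ "$bits" -gt 0 ] &&
              [ $(( start % (size * 2) )) -eq 0 ] &&
              [ $(( start + size * 2 - 1 )) -le "$end" ]; do
            size=$(( size * 2 ))
            bits=$(( bits - 1 ))
        done
        echo "$(int2ip "$start")/$bits"
        start=$(( start + size ))
    done
}

fallback_rules() {  # print (not run) one DROP rule per CIDR block
    range_to_cidrs "$1" | while read -r cidr; do
        echo "iptables -I OUTPUT -d $cidr -j DROP"
    done
}

# The range from the post skips the first and last address of 23.0.0.0/12,
# so it expands to 38 blocks; 23.0.0.0-23.15.255.255 would be one rule.
fallback_rules 23.0.0.1-23.15.255.254
```

Because every printed rule uses `-I`, each one is inserted ahead of the existing ACCEPT rule, and the order among the DROP rules themselves does not matter.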