IP range match
The IP range match is used to match IP ranges, much as the --source and --destination matches do. What it adds is the ability to match from one IP address to another (from IP - to IP), which the --source and --destination matches are unable to do. This may be needed in some specific network setups, and it is somewhat more flexible. The IP range match is loaded by using the -m iprange keyword.
Table 10-18. IP range match options
Match | --src-range |
Kernel | 2.4, 2.5 and 2.6 |
Example | iptables -A INPUT -p tcp -m iprange --src-range 192.168.1.13-192.168.2.19 |
Explanation | This matches a range of source IP addresses. The range includes every single IP address from the first to the last, so the example above includes everything from 192.168.1.13 to 192.168.2.19. The match may also be inverted by adding an !. The above example would then look like -m iprange ! --src-range 192.168.1.13-192.168.2.19, which would match every single IP address, except the ones specified. |
Match | --dst-range |
Kernel | 2.4, 2.5 and 2.6 |
Example | iptables -A INPUT -p tcp -m iprange --dst-range 192.168.1.13-192.168.2.19 |
Explanation | The --dst-range match works exactly the same as the --src-range match, except that it matches destination IP addresses instead of source IP addresses. |
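To see what the from-to form saves when auditing a ruleset, the following added example (not part of the original tutorial) models the inclusive range test with its `!` inversion and expands the table's range into the CIDR blocks that separate --source rules would need. The function names are this example's own, and rejecting a range without a dash or with its ends reversed is this example's validation, not a statement about how iptables parses the option.

```python
import ipaddress

# The range used in the table's examples.
RANGE = "192.168.1.13-192.168.2.19"

def parse_range(spec):
    """Split a 'first-last' range, the form --src-range and --dst-range take."""
    first, sep, last = spec.partition("-")
    if not sep:
        raise ValueError("expected first-last")
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("first address is above last address")
    return lo, hi

def range_matches(spec, addr, invert=False):
    """Model the match: both endpoints are included; invert models '!'."""
    lo, hi = parse_range(spec)
    inside = lo <= ipaddress.IPv4Address(addr) <= hi
    return inside != invert

def cidr_equivalent(spec):
    """Smallest list of CIDR blocks covering exactly the same addresses."""
    lo, hi = parse_range(spec)
    return list(ipaddress.summarize_address_range(lo, hi))

def source_rules(spec, chain="INPUT", proto="tcp"):
    """One --source rule per CIDR block, mirroring the table's example rule."""
    return [f"iptables -A {chain} -p {proto} --source {net}"
            for net in cidr_equivalent(spec)]

if __name__ == "__main__":
    for rule in source_rules(RANGE):
        print(rule)
    # Addresses just outside and exactly on each end of the range.
    for addr in ("192.168.1.12", "192.168.1.13", "192.168.2.19", "192.168.2.20"):
        print(addr, range_matches(RANGE, addr), range_matches(RANGE, addr, invert=True))
```

The single iprange rule from the table covers 263 addresses that would otherwise take eight --source rules, and every extra rule is another place for a ruleset review to miss a gap or an overlap.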