Jarry writes:
> I'd like to ask if there is some way to include multiple discrete
> hosts/IP's in --source and --destination options of iptables.
>
> I'm trying to write firewall rules for my server, but it has
> 12 IP's from different segments (and maybe it gets a few more
> later), and the script grows up as I have to write nearly
> identical rules with difference only in -s/-d IP's.
>
> What I'm looking for is a way to define some variable at the
> beginning of my script, like MY_IP="IP1 IP2 IP3 IP4..." and
> later to use is in rules (iptables -A INPUT -s $MY_IP...).
> But I do not know how to use it. As far as I understand it,
> --source/--destination accepts only single IP's or continuous
> IP-segments...
Well, as your iptables script is probably written in bash, you can do
loops as you like:
myIPs="IP1 IP2 IP3 IP4 ..."
for ip in $myIPs do # use $myIPs here, not "$myIPs"!
iptables -A INPUT -s $ip ...
done
Wonko
