frankhunt wrote:
> I want to block an entire class A address set and then allow a few of
> the addresses within that set to have access.
> I figured I could block all the addresses in the set then allow the
> specific address(es) that I want.
> Like this:
>
> iptables -A INPUT -s nnn.0.0.0/8 -j LOG --log-prefix "IPTABLES DROPPED"
> iptables -A INPUT -s nnn.0.0.0/8 -j DROP

DROP is a terminating target - once it is used no other
actions occur.

Reorder your rules to put the ACCEPT first and you
will get the behavior you describe wanting:

iptables -A INPUT -s nnn.0.6.135 -j ACCEPT
iptables -A INPUT -s nnn.0.0.0/8 -j LOG --log-prefix "IPTABLES DROPPED"
iptables -A INPUT -s nnn.0.0.0/8 -j DROP


-- 
     Michael Rasmussen
  http://www.jamhome.us/
 Be Appropriate && Follow Your Curiosity
_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
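
Added example (not part of the original message or of iptables itself): a small Python model of the first-match chain traversal described in the reply above, showing why the ACCEPT must precede the DROP and that LOG does not end traversal. Assumptions: 10.0.0.0/8 is a constructed stand-in for the elided nnn.0.0.0/8, rules match on source address only, the chain policy is ACCEPT, and the "broken" ordering is assumed to be the ACCEPT appended after the DROP.

```python
import ipaddress

# Constructed rule lists as (source, target); 10.x stands in for nnn.x.
BROKEN = [
    ("10.0.0.0/8", "LOG"),
    ("10.0.0.0/8", "DROP"),
    ("10.0.6.135/32", "ACCEPT"),   # assumed position: appended after DROP
]
FIXED = [
    ("10.0.6.135/32", "ACCEPT"),
    ("10.0.0.0/8", "LOG"),
    ("10.0.0.0/8", "DROP"),
]
TERMINATING = {"ACCEPT", "DROP"}   # LOG is non-terminating


def evaluate(rules, src, policy="ACCEPT"):
    """Walk the chain top to bottom; return (verdict, was_logged)."""
    addr = ipaddress.ip_address(src)
    logged = False
    for net, target in rules:
        if addr not in ipaddress.ip_network(net):
            continue
        if target == "LOG":
            logged = True          # record it, then keep traversing
        elif target in TERMINATING:
            return target, logged  # first terminating match wins
    return policy, logged          # nothing matched: chain policy applies


def shadowed(rules):
    """Indexes of rules that can never match because an earlier
    terminating rule already covers their entire source range."""
    hits = []
    for i, (net, _target) in enumerate(rules):
        this = ipaddress.ip_network(net)
        for prev_net, prev_target in rules[:i]:
            prev = ipaddress.ip_network(prev_net)
            if prev_target in TERMINATING and this.subnet_of(prev):
                hits.append(i)
                break
    return hits


if __name__ == "__main__":
    for name, chain in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, evaluate(chain, "10.0.6.135"), "shadowed:", shadowed(chain))
```

The shadowed() check is a quick audit for a saved rule list: any index it returns is a rule that an earlier ACCEPT or DROP makes unreachable.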
