To quote the documentation for /etc/shorewall/rules:
SOURCE
<snip>
subnet
refers to a connection request from any host in the specified
subnet (example net:155.186.235.0/24). IP address ranges of the form
<first address>-<last address> may be specified. This requires that
your kernel and iptables have iprange match support.
HTH
Will
On 3/17/07, George <[EMAIL PROTECTED]> wrote:
> Hi!
> Well, I'm running Gentoo-r5 with 2.6.14 kernel on x86 architecture with
> Shorewall 3.0.8. I'm sure all the right modules/kernel features are
> eneabled, but I can't figure our the syntax of the line to block a range in
> my "blacklist" file.
> Do I just add this in there?:
>
> 192.168.4.51-192.168.4.79
>
> Thanks for the help.
>
> JP
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Asim
> Ahmed Khan
> Sent: Saturday, March 17, 2007 12:29 AM
> To: Shorewall Users
> Subject: Re: [Shorewall-users] Blocking IP range (shorewall v3)
>
> Hi JP,
>
> Its Ahmed here. The problem you wrote seems to have roots in old
> version of host OS installed. Can you elaborate a little more which OS
> and Version / build are you using ? I had the same problem when i was
> operating shorewall under Redhat Linux 9. What i figured out was that
> the IPTABLES in that linux build didn't have capability for IP Range
> matching. I googled for that solutinon and found that rather advance
> release of linux OSs have this capability so i installed Fedora Core 4
> and same rules worked just great. Its goes like this, if you want to
> allow only IPs from 4.51 to 4.79 to access the internet zone.
>
> ACCEPT loc:192.168.4.51-192.168.4.79 net
>
> Hope this helps.
>
> Regards,
>
> Asim Ahmed
> IT Manager.
> Folio3
>
> On 3/17/07, George <[EMAIL PROTECTED]> wrote:
> > Can someone help me with this ?
> >
> >
> >
> > _____
> >
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of George
> > Sent: Thursday, March 15, 2007 9:59 AM
> > To: [email protected]
> > Subject: [Shorewall-users] Blocking IP range (shorewall v3.0)
> >
> >
> >
> > Hi all,
> >
> > I need to block a range of IPs (for example 192.168.2.50 - 192.168.2.60 ),
> > but I can't seem to figure out how to do that. I've got a blacklist file
> > that I use to add single addresses, but when it comes to ranges - it is
> > inconvenient to list all IPs one by one, and I didn't understand the docs
> on
> > this subject. Can someone help me?
> >
> >
> >
> > Thanks!
> >
> >
> >
> > JP
> >
> >
>
>
> --
> Regards,
>
> Asim Ahmed Khan
> Contact : 0345-2109368
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
