Answered

Block IP Range in Firewall

an solas 10 years ago updated 10 years ago 10
Hi, 
is it possible to block IP Ranges in the Firewall, please?

Answer

You can use src-range iptables option: http://www.cyberciti.biz/tips/linux-iptables-how-to-specify-a-range-of-ip-addresses-or-ports.html
Just add this option in GUI (as a custom option). You don't have to edit the raw file. Also you don't need to put "iptables" before the lines there.
I managed it now I think, but the RAW seems to be more intuitive than the GUI.
E.g.: when I click add rule while being on Page 2, an empty accept rule is added and the GUI shows page 1 again :) Kinda confusing.

Is there a way to show more than 10 rules on one page?
If I save the file and apply the change I get:
iptables-restore v1.4.14: Can't set policy `ACCEPT' on `INPUT' line 10: Bad built-in chain name

 * Process has exited with status 256

That's my current RAW config:
*mangle
:PREROUTING ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT --in-interface lo -j ACCEPT
-A INPUT --match conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT --protocol tcp --match tcp --destination-port 22 -j ACCEPT
-A INPUT --protocol tcp --match tcp --destination-port 8000 -j ACCEPT

iptables -A INPUT -m iprange --src-range 85.153.25.2-85.153.25.255 -j DROP
iptables -A INPUT -m iprange --src-range 14.164.9.206-14.164.9.206 -j DROP
iptables -A INPUT -m iprange --src-range 211.0.0.0-211.255.255.255 -j DROP


COMMIT


Is it normal that when I save it, it's not shown in the GUI?
Do I have to apply it in the GUI, please?
When I save the raw and then apply it, nothing is added to iptables. Same when just saving? How to apply RAW rules?
root@h2318011:~# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:8000

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@h2318011:~#
Arg now the IMAP no longer works :(
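
An added example, not part of the original thread: a small check for a raw iptables-restore file like the one posted above. It flags rule lines that still carry the "iptables" command name (the point made in the reply) and, going beyond the thread, source DROP rules that sit after port ACCEPT rules in the same chain, where traffic from the blocked range to those ports is accepted first. The function name check and the sample are constructed for illustration.

```python
import re

# Constructed sample: the *filter table of the raw config quoted in the thread.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT --in-interface lo -j ACCEPT
-A INPUT --match conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT --protocol tcp --match tcp --destination-port 22 -j ACCEPT
-A INPUT --protocol tcp --match tcp --destination-port 8000 -j ACCEPT
iptables -A INPUT -m iprange --src-range 85.153.25.2-85.153.25.255 -j DROP
iptables -A INPUT -m iprange --src-range 14.164.9.206-14.164.9.206 -j DROP
iptables -A INPUT -m iprange --src-range 211.0.0.0-211.255.255.255 -j DROP
COMMIT
"""

PREFIX = re.compile(r"^\s*ip6?tables\s+(?=-)")  # command name before a rule
PORT_ACCEPT = re.compile(r"(?:--destination-port|--dport)\s+\S+.*-j\s+ACCEPT")
SRC_DROP = re.compile(r"(?<!\S)(?:--src-range|--source|-s)\s+\S+.*-j\s+DROP")

def check(text):
    """Return (findings, corrected_text) for an iptables-restore file."""
    findings, out, first_accept = [], [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = PREFIX.sub("", raw)
        if line != raw:
            findings.append((n, "drop the leading 'iptables' command name"))
        if line.startswith("*"):
            first_accept = {}  # chain positions are per table
        m = re.match(r"-A\s+(\S+)", line)
        chain = m.group(1) if m else None
        if chain in first_accept and SRC_DROP.search(line):
            # Rules match in order, so an earlier port ACCEPT wins: move up.
            findings.append((n, "source DROP comes after a port ACCEPT"))
            pos = first_accept[chain]
            out.insert(pos, line)
            first_accept = {c: i + (i >= pos) for c, i in first_accept.items()}
            continue
        if chain and PORT_ACCEPT.search(line):
            first_accept.setdefault(chain, len(out))
        out.append(line)
    return findings, "\n".join(out) + "\n"

if __name__ == "__main__":
    findings, fixed = check(SAMPLE)
    for n, msg in findings:
        print(f"line {n}: {msg}")
    print(fixed, end="")
```

Before applying a corrected file, `iptables-restore --test < file` parses the ruleset without committing it.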