Answered

Block IP Range in Firewall

an solas, 6 years ago, updated 6 years ago
Hi, 
Is it possible to block IP ranges in the firewall, please?

Answer
You can use the src-range iptables option: http://www.cyberciti.biz/tips/linux-iptables-how-to-specify-a-range-of-ip-addresses-or-ports.html
Just add this option in the GUI (as a custom option). You don't have to edit the raw file. Also, you don't need to put "iptables" before the lines there.
I managed it now I think, but the RAW seems to be more intuitive than the GUI.
e.g.: When I click "add rule" while on page 2, an empty accept rule is added and the GUI shows page 1 again :) Kinda confusing.

Is there a way to show more than 10 rules on one page?
If I save the file and apply the change I get:
iptables-restore v1.4.14: Can't set policy `ACCEPT' on `INPUT' line 10: Bad built-in chain name

 * Process has exited with status 256

That's my current RAW config:
*mangle
:PREROUTING ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT --in-interface lo -j ACCEPT
-A INPUT --match conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT --protocol tcp --match tcp --destination-port 22 -j ACCEPT
-A INPUT --protocol tcp --match tcp --destination-port 8000 -j ACCEPT

iptables -A INPUT -m iprange --src-range 85.153.25.2-85.153.25.255 -j DROP
iptables -A INPUT -m iprange --src-range 14.164.9.206-14.164.9.206 -j DROP
iptables -A INPUT -m iprange --src-range 211.0.0.0-211.255.255.255 -j DROP


COMMIT


Is it normal that when I save it, it's not shown in the GUI?
Do I have to apply it in the GUI, please?
When I save the raw and then apply it, nothing is added to iptables. Same when just saving. How do I apply RAW rules?
root@h2318011:~# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:8000

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@h2318011:~#
Argh, now IMAP no longer works :(
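Added example, not from this thread or the firewall GUI it discusses: a small Python checker for an iptables-restore file that flags the two mistakes a RAW config like the one above can contain, a policy set on a chain that is not built-in for its table (what iptables-restore reports as "Bad built-in chain name") and rule lines prefixed with `iptables`, which belong on a shell command line, not in the restore file. The `lint_restore` function, the built-in chain sets and the sample config are assumptions and constructed data, not anything from the original post.

```python
import re
# Built-in chains per table (assumption: iptables 1.4.x on a kernel that has
# the nat INPUT chain); only these may carry a policy in a ":CHAIN POLICY" line.
BUILTIN = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
}

def lint_restore(text):
    """Return (cleaned_text, problems): strips a leading 'iptables ' from rule
    lines (the restore format wants bare '-A CHAIN ...' lines), reports a policy
    on a non-built-in chain, and reports rules that use an undeclared chain."""
    out, problems, table, chains = [], [], None, set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("*"):                       # *filter, *nat, ...
            table = line[1:]
            chains = set(BUILTIN.get(table, ()))
        elif line.startswith(":"):                     # :CHAIN POLICY [p:b]
            parts = line[1:].split()
            chain, policy = parts[0], parts[1] if len(parts) > 1 else "-"
            if policy != "-" and chain not in BUILTIN.get(table, ()):
                problems.append(f"line {n}: can't set policy {policy} on "
                                f"{chain} in *{table}: bad built-in chain name")
            chains.add(chain)
        elif line and not line.startswith("#") and line != "COMMIT":
            if line.startswith("iptables "):           # shell command, not a rule line
                problems.append(f"line {n}: leading 'iptables ' stripped")
                line = line[len("iptables "):].lstrip()
            m = re.match(r"-[AID]\s+(\S+)", line)
            if m and m.group(1) not in chains:
                problems.append(f"line {n}: unknown chain {m.group(1)} in *{table}")
        out.append(line)
    return "\n".join(out) + "\n", problems
# Constructed sample in the shape of the RAW config above (documentation
# address range, not a real host's rules).
SAMPLE = """*filter
:INPUT DROP [0:0]
:LOGDROP ACCEPT [0:0]
-A INPUT --in-interface lo -j ACCEPT
iptables -A INPUT -m iprange --src-range 203.0.113.10-203.0.113.20 -j DROP
-A BOGUS -p tcp --dport 22 -j ACCEPT
COMMIT
"""
if __name__ == "__main__":
    cleaned, probs = lint_restore(SAMPLE)
    print("\n".join(probs) or "no problems")
    print(cleaned, end="")
```

Run the checker over the file before handing it to iptables-restore; a clean result still does not prove the rules are what you want, only that the file is in the shape the restore format expects.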