On Thursday 16 May 2002 12:12 am, Adrian Hobbs wrote:

> I am wondering what is the best way to specify an odd group of hosts. For
> example, I want to allow management hosts access to 192.168.0.5. The
> management hosts are 192.168.1.4, 192.168.1.12, 192.168.1.96.
>
> eg:
> iptables -A FORWARD -p tcp -d 192.168.0.5 --dport 22 -j MNG_HOST
>
> iptables -A MNG_HOST -s 192.168.1.4 -j ACCEPT
> iptables -A MNG_HOST -s 192.168.1.12 -j ACCEPT
> iptables -A MNG_HOST -s 192.168.1.96 -j ACCEPT
> iptables -A MNG_HOST -j DROP

Looks like the best way of doing it to me. There's no way to specify multiple source or destination addresses in a single iptables rule except for the contiguous network ranges you've already found in the docs.

Antony.
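
The per-host user chain discussed in this thread, as an added example that is not part of either message: a shell function that validates each address and prints the chain as an `iptables-restore` fragment, so a typo in the host list fails before any rule is emitted. The function names, `MGMT_HOSTS` and `TARGET` are assumptions for illustration; the final target is `DROP`, since iptables has no `DENY` target.

```shell
#!/bin/sh
# Added example: generate the MNG_HOST chain from a list of addresses.
# Names below (MGMT_HOSTS, TARGET, valid_ipv4, mng_host_rules) are illustrative.

MGMT_HOSTS="192.168.1.4 192.168.1.12 192.168.1.96"   # hosts named in the post
TARGET="192.168.0.5"                                 # protected host from the post

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits/dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac # reject ambiguous leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print an iptables-restore fragment: one ACCEPT rule per management host,
# then a catch-all DROP. All addresses are checked before anything is
# printed, so a bad entry can never produce a partial chain.
mng_host_rules() {
    target=$1; shift
    for host in "$target" "$@"; do
        valid_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    done
    echo "*filter"
    echo ":MNG_HOST - [0:0]"
    echo "-A FORWARD -p tcp -d $target --dport 22 -j MNG_HOST"
    for host in "$@"; do
        echo "-A MNG_HOST -s $host -j ACCEPT"
    done
    echo "-A MNG_HOST -j DROP"
    echo "COMMIT"
}

# Print only; loading the fragment is left to the operator.
mng_host_rules "$TARGET" $MGMT_HOSTS
```

The output is meant to be reviewed and then fed to `iptables-restore` as root; the script itself changes no firewall state.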
