This is what I did ... write a script! You could have several parts, one for accepted hosts, etc... I actually had certain ports that I had a bunch of eggdrops allowed access on... listed the rules for the ports and added the IPs to the first line ...
for i in a.b.c.d e.f.g.h i.j.k.l
do
    iptables -A inet-in -s $i -j ACCEPT
done

Antony Stone wrote:

>On Thursday 16 May 2002 12:12 am, Adrian Hobbs wrote:
>
>>I am wondering what is the best way to specify an odd group of hosts. For
>>example, I want to allow management hosts access to 192.168.0.5. The
>>management hosts are 192.168.1.4, 192.168.1.12, 192.168.1.96.
>>
>>eg:
>>iptables -A FORWARD -p tcp -d 192.168.0.5 --dport 22 -j MNG_HOST
>>
>>iptables -A MNG_HOST -s 192.168.1.4 -j ACCEPT
>>iptables -A MNG_HOST -s 192.168.1.12 -j ACCEPT
>>iptables -A MNG_HOST -s 192.168.1.96 -j ACCEPT
>>iptables -A MNG_HOST -j DENY
>
>Looks like the best way of doing it to me. There's no way to specify
>multiple source or destination addresses in a single iptables rule except for
>the contiguous network ranges you've already found in the docs.
>
>Antony.
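
The loop approach from this thread, as an added example that is not part of either poster's message: it builds the per-host chain for the management hosts quoted above and validates every address before emitting anything, so a typo or stray option in the host list cannot end up inside a rule. The function names are hypothetical, the commands are printed for review rather than executed, and the final target is DROP because iptables has no built-in DENY target.

```shell
#!/bin/sh
# Added example: generate rules for an arbitrary (non-contiguous) host list.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, bad chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules CHAIN DEST PORT HOST...: print the iptables commands, or print
# nothing and return 1 if any input is malformed (all-or-nothing).
gen_rules() {
    chain=$1 dest=$2 port=$3
    shift 3
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    for host in "$dest" "$@"; do
        is_ipv4 "$host" || { echo "invalid address: $host" >&2; return 1; }
    done
    echo "iptables -N $chain"                  # chain must exist before use
    for host in "$@"; do
        echo "iptables -A $chain -s $host -j ACCEPT"
    done
    echo "iptables -A $chain -j DROP"          # everything else is dropped
    # The jump is added last so traffic only reaches a fully populated chain.
    echo "iptables -A FORWARD -p tcp -d $dest --dport $port -j $chain"
}

# Values taken from the quoted question.
gen_rules MNG_HOST 192.168.0.5 22 192.168.1.4 192.168.1.12 192.168.1.96
```

Once the printed rules have been reviewed, piping the output to sh as root applies them.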
