George wrote: > Hi all, > > I need to block a range of IPs (for example 192.168.2.50 – 192.168.2.60 > ), but I can’t seem to figure out how to do that. I’ve got a blacklist > file that I use to add single addresses, but when it comes to ranges – > it is inconvenient to list all IPs one by one, and I didn’t understand > the docs on this subject. Can someone help me? >
Shorewall 3.4 allows you to simply include the range as 192.168.2.50-192.168.2.60 (notice that no embedded space is allowed). I just uploaded 3.4.1 to http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.1/ and that version is preferred over 3.4.0 which has a number of issues). Otherwise, use the "shorewall iprange" command to convert the range into a series of networks: [EMAIL PROTECTED]:~/shorewall-3.4.1# shorewall iprange 192.168.2.50-192.168.2.60 192.168.2.50/31 192.168.2.52/30 192.168.2.56/30 192.168.2.60 [EMAIL PROTECTED]:~/shorewall-3.4.1# You would then add 4 records to /etc/shorewall/blacklist with the above for networks. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
