Old 07-14-2011, 12:48 PM
Jatin K
 
how to specify IP not equal to in iptables rules ????

Dear All Gurus,

I want to deny a particular IP (172.16.158.111) address in my network to
FTP on server (RHEL6), I'm trying to add the following[1][2] iptables
rules on server and getting error [3]


[1] iptables -A INPUT -s! 172.16.158.111 -p tcp --dport 21 -j DROP
[2] iptables -A INPUT -s! 172.16.158.111 -p tcp --dport 20 -j DROP

[3] Using intrapositioned negation (`--option ! this`) is deprecated in
favor of extrapositioned (`! --option this`).


If I try the following [4], it throws an error like "bash: !172: event not
found" (I think it tries to recall a command from history... maybe, not
sure)

[4] iptables -A INPUT -s !172.16.158.111 -p tcp --dport 21 -j DROP


So how to go ...??? and any one guide to the right direction ????? how
do I add a rule like IP or the PORTs is not equal to ?


Warm Regards

v
/(_)
^ ^ Jatin Khatri
Registered Linux user No #501175
www.counter.li.org
No M$

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-14-2011, 01:04 PM
Mogens Kjaer
 
how to specify IP not equal to in iptables rules ????

On 07/14/2011 02:48 PM, Jatin K wrote:
> So how to go ...??? and any one guide to the right direction ????? how
> do I add a rule like IP or the PORTs is not equal to ?

man iptables:

...
[!] -s, --source address[/mask][,...]
...

Put the ! before -s.

Mogens
--
Mogens Kjaer, mk@lemo.dk
http://www.lemo.dk
 
Old 07-14-2011, 01:07 PM
Robert Nichols
 
how to specify IP not equal to in iptables rules ????

On 07/14/2011 07:48 AM, Jatin K wrote:
> Dear All Gurus,
>
> I want to deny a particular IP (172.16.158.111) address in my network to
> FTP on server (RHEL6), I'm trying to add the following[1][2] iptables
> rules on server and getting error [3]
>
>
> [1] iptables -A INPUT -s! 172.16.158.111 -p tcp --dport 21 -j DROP
> [2] iptables -A INPUT -s! 172.16.158.111 -p tcp --dport 20 -j DROP
>
> [3] Using intrapositioned negation (`--option ! this`) is deprecated in
> favor of extrapositioned (`! --option this`).
>
>
> if I try following [4] it throws error like " bash: !172: event not
> found " (I think it tries to recall a command from history ..may be not
> sure )
>
> [4] iptables -A INPUT -s !172.16.158.111 -p tcp --dport 21 -j DROP
>
>
> So how to go ...??? and any one guide to the right direction ????? how
> do I add a rule like IP or the PORTs is not equal to ?

The exclamation point needs to be followed by white space to keep the shell
from trying to interpret it. The recommended syntax is to put the '!'
_before_ the option flag:

iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.

 
Old 07-14-2011, 01:08 PM
Gregory Hosler
 
how to specify IP not equal to in iptables rules ????

On 07/14/2011 08:48 PM, Jatin K wrote:
> Dear All Gurus,
>
> I want to deny a particular IP (172.16.158.111) address in my network to
> FTP on server (RHEL6), I'm trying to add the following[1][2] iptables
> rules on server and getting error [3]
>
>
> [1] iptables -A INPUT -s! 172.16.158.111 -p tcp --dport 21 -j DROP
> [2] iptables -A INPUT -s! 172.16.158.111 -p tcp --dport 20 -j DROP
>
> [3] Using intrapositioned negation (`--option ! this`) is deprecated in
> favor of extrapositioned (`! --option this`).
>
>
> if I try following [4] it throws error like " bash: !172: event not
> found " (I think it tries to recall a command from history ..may be not
> sure )
>
> [4] iptables -A INPUT -s !172.16.158.111 -p tcp --dport 21 -j DROP
>
>
> So how to go ...??? and any one guide to the right direction ????? how
> do I add a rule like IP or the PORTs is not equal to ?

Like [4], but escape the !

iptables -A INPUT -s \!172.16.158.111 -p tcp --dport 21 -j DROP
or iptables -A INPUT -s "!172.16.158.111" -p tcp --dport 21 -j DROP

*should* work (both untested).

Be that as it may, if you are trying to single out 172.16.158.111 and drop that
address, then you really don't want the negation...

All the best,

-Greg

> Warm Regards
>
> v
> /(_)
> ^ ^ Jatin Khatri
> Registered Linux user No #501175
> www.counter.li.org
> No M$
>


--
+---------------------------------------------------------------------+

Please also check the log file at "/dev/null" for additional information.
(from /var/log/Xorg.setup.log)

| Greg Hosler ghosler@redhat.com |
+---------------------------------------------------------------------+
 
Old 07-14-2011, 01:42 PM
g
 
how to specify IP not equal to in iptables rules ????

On 07/14/2011 12:48 PM, Jatin K wrote:
<>

> So how to go ...??? and any one guide to the right direction ????? how
> do I add a rule like IP or the PORTs is not equal to ?


when using the negation, "!", you need to use a <space> before and after,
such as;

[1] iptables -A INPUT -s ! 172.16.158.111 -p tcp --dport 21 -j DROP
[2] iptables -A INPUT -s ! 172.16.158.111 -p tcp --dport 20 -j DROP


do note that negation, in effect, means 'not' or 'other than'.

so, above would 'DROP' if not '172.16.158.111'.

therefore, try without "!".

as i have not used "!" in some time, and do not recall how/why, i may be in
error on this, and i am basing this on what is shown in 'iptables' man page
and what is written in publication;

Red Hat Linux Firewalls, ISBN 0-7645-2463-1
published by Wiley Publishing, Inc.
Copyright 2003 by Red Hat, Inc.


hth.
--

peace out.

tc.hago,

g
.

****
in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
The installation instructions stated to install Windows 2000 or better.
So I installed Linux.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/
****
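
An added example, not part of the thread or any poster's message: a dry-run script that prints the rule for blocking one host (no negation) next to the extrapositioned `! -s` form, plus a simplified model of the source match showing which packets each form drops. The helper names (`rule`, `deny_ftp_from`, `allow_ftp_only_from`, `would_drop`) and the `APPLY` switch are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: rules are printed.
# Set APPLY=1 and run as root to hand them to iptables instead.

HOST=172.16.158.111            # address from the original post

# Print one rule, or apply it when APPLY=1.
rule() {
    if [ "${APPLY:-0}" = 1 ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# Block FTP from a single host: plain -s, no negation.
deny_ftp_from() {
    for port in 21 20; do
        rule -A INPUT -s "$1" -p tcp --dport "$port" -j DROP
    done
}

# Block FTP from everyone except one host: '!' as its own word before -s.
# With spaces on both sides, interactive bash does not treat '!' as a
# history reference; 'set +H' turns history expansion off entirely.
allow_ftp_only_from() {
    for port in 21 20; do
        rule -A INPUT ! -s "$1" -p tcp --dport "$port" -j DROP
    done
}

# Simplified model of the source match (exact address, no masks):
#   would_drop <negated:0|1> <rule address> <packet source>
# Exit status 0 means a DROP rule with that match drops the packet.
would_drop() {
    if [ "$3" = "$2" ]; then match=1; else match=0; fi
    [ "$1" = 1 ] && match=$((1 - match))
    [ "$match" = 1 ]
}

deny_ftp_from "$HOST"
would_drop 1 "$HOST" "$HOST" || echo "negated rule lets $HOST through"
```
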
