Old 07-16-2011, 09:11 AM
Jatin K
 
how to specify IP not equal to in iptables rules ????

On Saturday 16 July 2011 02:22 PM, g wrote:
> On 07/16/2011 05:40 AM, Jatin K wrote:
>> On Saturday 16 July 2011 10:18 AM, g wrote:
>>> On 07/16/2011 04:25 AM, Jatin K wrote:
>>> <>
>>>
>>>> Sorry, that was my mistake :-(
>>> that happens. but does make things difficult to help.
>>>
>>>> actually I got the solution what was needed, from this list.
>>> and was so noted. wherein, a little more info would be nice.
>>>
>>> did blocking work with;
>>>
>>> [1] iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP
>>> or
>>> [2] iptables -A INPUT -s ! 172.16.158.111 -p tcp --dport 21 -j DROP
>>>
>>> syntax tends to indicate that [2] is correct, as [1] would tend to
>>> indicate "NOT source".
>>
>> [2] worked for me
> this is what i recall having used, and more logical.
>
>> ...by the way we need to indicate ! like '!' ( in
>> single quote)
>>
>> iptables -A INPUT -s '!' 172.16.158.111 -p tcp --dport 21 -j DROP
> this is not as i recall using, nor is it as such in man page or in
> 'Red Hat Linux Firewalls'.
>
> in man page, when shown as an option, [!] is used. when in description,
> "!" is used. (with 2 exceptions)
>
> in 'Red Hat Linux Firewalls', examples are shown without quotes.
>
> so,
>
> [1] did you find without single quote to not work and then tried
> with single quotes?
>

without single quote like this[1]
[1] iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP

on bash it seems like it tries to find out previously run command in my
cache it finds a command started with -s ( which fails as I've not run
any command which starts with -s )

but when I tried to put it like '!'... it's good to go




> or,
>
> [2] are you using "echo" to send line to iptables?
no



> and please, excuse my questioning, as at this time i do not have a
> networking system available to experiment with, and your answers will
> help when i do. thank you.
>


Warm Regards

--
v
/(_)
^ ^ Jatin Khatri
Registered Linux user No #501175
www.counter.li.org
No M$

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-16-2011, 09:57 AM
g
 
how to specify IP not equal to in iptables rules ????

On 07/16/2011 09:11 AM, Jatin K wrote:
> On Saturday 16 July 2011 02:22 PM, g wrote:
>> On 07/16/2011 05:40 AM, Jatin K wrote:
>>> On Saturday 16 July 2011 10:18 AM, g wrote:
>>>> On 07/16/2011 04:25 AM, Jatin K wrote:
>>>> <>
>>>>
>>>>> Sorry, that was my mistake :-(
>>>> that happens. but does make things difficult to help.
>>>>
>>>>> actually I got the solution what was needed, from this list.
>>>> and was so noted. wherein, a little more info would be nice.
>>>>
>>>> did blocking work with;
>>>>
>>>> [1] iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP
>>>> or
>>>> [2] iptables -A INPUT -s ! 172.16.158.111 -p tcp --dport 21 -j DROP
>>>>
>>>> syntax tends to indicate that [2] is correct, as [1] would tend to
>>>> indicate "NOT source".
>>>
>>> [2] worked for me
>>
>> this is what i recall having used, and more logical.
>>
>>> ...by the way we need to indicate ! like '!' ( in
>>> single quote)
>>>
>>> iptables -A INPUT -s '!' 172.16.158.111 -p tcp --dport 21 -j DROP
>> this is not as i recall using, nor is it as such in man page or in
>> 'Red Hat Linux Firewalls'.
>>
>> in man page, when shown as an option, [!] is used. when in description,
>> "!" is used. (with 2 exceptions)
>>
>> in 'Red Hat Linux Firewalls', examples are shown without quotes.
>>
>> so,
>>
>> [1] did you find without single quote to not work and then tried
>> with single quotes?
>>
>
> without single quote like this[1]
> [1] iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP

now you are trying to confuse me.

because;

}> On Saturday 16 July 2011 10:18 AM, g wrote:
}> >> On 07/16/2011 04:25 AM, Jatin K wrote:
}> >> <>
}> >>
}> >>>> Sorry, that was my mistake :-(
}> >> that happens. but does make things difficult to help.
}> >>
}> >>>> actually I got the solution what was needed, from this list.
}> >> and was so noted. wherein, a little more info would be nice.
}> >>
}> >> did blocking work with;
}> >>
}> >> [1] iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP
}> >> or
}> >> [2] iptables -A INPUT -s ! 172.16.158.111 -p tcp --dport 21 -j DROP
}> >>
}> >> syntax tends to indicate that [2] is correct, as [1] would tend to
}> >> indicate "NOT source".
}>
}>
}> [2] worked for me ...by the way we need to indicate ! like '!' ( in
}> single quote)
}>
}> iptables -A INPUT -s '!' 172.16.158.111 -p tcp --dport 21 -j DROP


> on bash it seems like it tries to find out previously run command in my
> cache it finds a command started with -s ( which fails as I've not run
> any command which starts with -s )

what are you meaning by "on bash"?


> but when I tried to put it like '!'... it's good to go
>
>
>> or,
>>
>> [2] are you using "echo" to send line to iptables?
>
> no

just how are you entering a new line into iptables?


--

peace out.

tc.hago,

g
.

****
in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
The installation instructions stated to install Windows 2000 or better.
So I installed Linux.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/
****

 
Old 07-18-2011, 04:30 AM
Jatin K
 
how to specify IP not equal to in iptables rules ????

On Saturday 16 July 2011 03:27 PM, g wrote:
> On 07/16/2011 09:11 AM, Jatin K wrote:
>> On Saturday 16 July 2011 02:22 PM, g wrote:
>>>
>>>>>
>>>>>> actually I got the solution what was needed, from this list.
>> without single quote like this[1]
>> [1] iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP
> now you are trying to confuse me.
>
> because;
>
> }> On Saturday 16 July 2011 10:18 AM, g wrote:
> }> >> On 07/16/2011 04:25 AM, Jatin K wrote:
> }> >> <>
> }> >>
> }> >>>> Sorry, that was my mistake :-(
> }> >> that happens. but does make things difficult to help.
> }> >>
> }> >>>> actually I got the solution what was needed, from this list.
> }> >> and was so noted. wherein, a little more info would be nice.
> }> >>
> }> >> did blocking work with;
> }> >>
> }> >> [1] iptables -A INPUT ! -s 172.16.158.111 -p tcp --dport 21 -j DROP
> }> >> or
> }> >> [2] iptables -A INPUT -s ! 172.16.158.111 -p tcp --dport 21 -j DROP
> }> >>
> }> >> syntax tends to indicate that [2] is correct, as [1] would tend to
> }> >> indicate "NOT source".
> }>
> }>
> }> [2] worked for me ...by the way we need to indicate ! like '!' ( in
> }> single quote)
> }>
> }> iptables -A INPUT -s '!' 172.16.158.111 -p tcp --dport 21 -j DROP
>
>
>> on bash it seems like it tries to find out previously run command in my
>> cache it finds a command started with -s ( which fails as I've not run
>> any command which starts with -s )
> what are you meaning by "on bash"?

bash = /bin/bash ( Linux shell )



>
>> but when I tried to put it like '!'... it's good to go
>>
>>
>>> or,
>>>
>>> [2] are you using "echo" to send line to iptables?
>> no
> just how are you entering a new line into iptables?
>
>
I just type the iptables command like following in shell ( /bin/bash or
the tty terminal or the linux command line )

iptables -A INPUT -s '!' 172.16.158.111 -p tcp --dport 21 -j DROP



if said command uses "echo" as a child process, I'm not aware of it. I just use the iptables command to add a rule



--
v
/(_)
^ ^ Jatin Khatri
Registered Linux user No #501175
www.counter.li.org
No M$
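
An added example, not part of the thread or of any poster's message: a POSIX shell helper that rewrites the intrapositioned form [2] (`-s ! ADDR`) into the extrapositioned form [1] (`! -s ADDR`), for which newer iptables releases print a deprecation warning when form [2] is used. The function name `normalize_negation` and its option list are assumptions made for this illustration; quoting `'!'` is resolved by the shell, so iptables receives a plain `!` either way.

```shell
#!/bin/sh
# Added example, not from the thread. Rewrites "OPTION ! VALUE" (form [2])
# into "! OPTION VALUE" (form [1]). Only the options listed below are
# handled; the list is an assumption chosen for this illustration.

normalize_negation() (
    # Runs in a subshell so "out" does not leak into the caller.
    out=""
    while [ "$#" -gt 0 ]; do
        # Look for the pattern: <option> ! <value>
        if [ "$#" -ge 3 ] && [ "x$2" = 'x!' ]; then
            case "$1" in
                -s|--source|-d|--destination|-p|--protocol|\
                -i|--in-interface|-o|--out-interface|--sport|--dport)
                    # Move the negation in front of the option.
                    out="$out ! $1 $3"
                    shift 3
                    continue
                    ;;
            esac
        fi
        # Anything else (including an already leading "!") is kept as is.
        out="$out $1"
        shift
    done
    printf '%s\n' "${out# }"
)

# Constructed sample: the rule arguments from the thread, with '!' quoted
# so the shell passes it through as a literal argument.
normalize_negation -A INPUT -s '!' 172.16.158.111 -p tcp --dport 21 -j DROP
```

The printed arguments can be reviewed and then passed to `iptables`; the helper itself never changes the firewall.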
