3

I need to set up iptables to accept traffic on many internal IPs. Is there a wildcard I can use for part of the IP address? For example: 192.168..

Or would there be a better alternative?

user9517
Queencity13
    This question appears to be off-topic because it is about basic unix/linux knowledge and would be better off at http://unix.stackexchange.com. – Jenny D Jul 11 '13 at 09:23

5 Answers

10

iptables does not know wildcards but uses the CIDR method. E.g.: -s 192.168.0.0/24 will cover all the hosts from 192.168.0.1 to 192.168.0.254.

You can find more info about CIDR here

Goez
8

No wildcard per se, but you can specify a CIDR netmask:

192.168.0.0/16

The above would be the CIDR equivalent of the example you gave.

EEAA
6

Not really a wildcard, but you can match IP addresses by subnet:

192.168.0.0/16 192.168.1.0/24 192.168.2.0/25

Another way is to use ipranges like this: iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range From_IP-To_IP -j ACCEPT

There is a second module for --dest-range as well.

Comradin
3

iptables supports using CIDR notation, so for your example you can use 192.168.0.0/16.

Unrelatedly, please consider working on your accept-rate.

nickgrim
3

For future Googlers, as of the current version of iptables (1.4.7):

Single port IP Range

iptables -A INPUT -p tcp --dport 8080 -m iprange --src-range 192.168.0.0-192.168.254.254 -j ACCEPT

Multiple port IP Range

iptables -A INPUT -p tcp -m multiport --dports 21,8080 -m iprange --src-range 192.168.0.0-192.168.254.254 -j ACCEPT
Ergec
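A set of shell helpers, added here and not taken from any of the answers above, that makes the two approaches in this thread comparable: the CIDR blocks (`-s a.b.c.d/n`) from the earlier answers and the `-m iprange --src-range first-last` form from this one. It works out which addresses a block such as 192.168.0.0/16 actually covers, tests whether a given address would match a block, and splits a range like 192.168.0.0-192.168.254.254 into the CIDR blocks needed to express it with `-s` alone. It only prints iptables commands and never runs them; all addresses and the port are constructed, and `accept_from_range` is a hypothetical helper name, not an iptables feature.

```shell
#!/bin/sh
# Added example, not from the thread: reason about iptables CIDR blocks and
# iprange ranges in plain POSIX shell arithmetic. Nothing here touches the
# live ruleset; all addresses below are constructed sample values.

# Dotted-quad IPv4 -> 32-bit integer (subshell so IFS is not clobbered).
ip2int() {
  ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# 32-bit integer -> dotted quad.
int2ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask for a prefix length 0..32, as an integer.
prefix2mask() {
  [ "$1" -eq 0 ] && { echo 0; return; }
  echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# cidr_range a.b.c.d/n -> "first-last": every address the block matches,
# network and broadcast addresses included (iptables does not exclude them).
cidr_range() {
  net=${1%/*}; bits=${1#*/}
  mask=$(prefix2mask "$bits")
  lo=$(( $(ip2int "$net") & mask ))
  hi=$(( lo | (~mask & 0xFFFFFFFF) ))
  echo "$(int2ip "$lo")-$(int2ip "$hi")"
}

# cidr_contains a.b.c.d/n x.y.z.w -> exit 0 if the address matches the block,
# i.e. the same comparison iptables performs for -s/-d.
cidr_contains() {
  net=${1%/*}; bits=${1#*/}
  mask=$(prefix2mask "$bits")
  [ $(( $(ip2int "$2") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# range_to_cidrs first last -> the minimal list of CIDR blocks covering an
# inclusive address range, one per line. Greedy: at each step take the
# largest block that starts at the current address and stays within "last".
range_to_cidrs() {
  lo=$(ip2int "$1"); hi=$(ip2int "$2")
  while [ "$lo" -le "$hi" ]; do
    bits=32
    while [ "$bits" -gt 0 ]; do
      size=$(( 1 << (33 - bits) ))                  # size of the next larger block
      [ $(( lo % size )) -eq 0 ] || break           # current address not aligned to it
      [ $(( lo + size - 1 )) -le "$hi" ] || break   # it would overshoot "last"
      bits=$(( bits - 1 ))
    done
    echo "$(int2ip "$lo")/$bits"
    lo=$(( lo + (1 << (32 - bits)) ))
  done
}

# accept_from_range first last port -> the iptables commands (printed, not run)
# that an equivalent single "-m iprange --src-range first-last" rule replaces.
accept_from_range() {
  range_to_cidrs "$1" "$2" | while read -r cidr; do
    echo "iptables -A INPUT -p tcp --dport $3 -s $cidr -j ACCEPT"
  done
}

# Constructed sample run: the range from the answer above needs 15 CIDR rules.
if [ "${0##*/}" != "sh" ] && [ -z "$NO_DEMO" ]; then
  cidr_range 192.168.0.0/16
  accept_from_range 192.168.0.0 192.168.254.254 8080
fi
```

Splitting 192.168.0.0-192.168.254.254 produces 15 separate blocks, which is the practical reason `-m iprange` exists: a range that does not end on a block boundary cannot be written as one `-s` argument. Before relying on either form, confirm the loaded rule with `iptables -S INPUT` and, for a specific address, `iptables -C INPUT -s <address> ...`.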