I am trying to set up this rule:

    iptables -A INPUT -i eth1 -p tcp -s ! 10.111.11.0/24 --dport ssh --syn -m state --state NEW -j ACCEPT

but it doesn't work. When I change the place of `!`

    iptables -A INPUT -i eth1 -p tcp ! -s 10.111.11.0/24 --dport ssh --syn -m state --state NEW -j ACCEPT

it's OK, but I am not sure if it is working correctly. In every tutorial on the net, "!" is between -s and the IP, not in front of it.

Kriss
  • Could you clarify "*it doesn't work*"? And you are escaping that `!`, aren't you? – MadHatter Dec 12 '13 at 21:48
  • I must say, iptables is extremely powerful, but its command line interface is crap. FreeBSD's ipf is significantly easier to understand in my opinion, although I haven't used it in a long time. – hookenz Dec 12 '13 at 22:00

1 Answer

Your second example is correct.

The first example is an old and deprecated way of writing such rules; current versions of iptables will print a warning, or refuse the rule entirely, if you use it.

Old tutorials on the Internet, of course, have old information.

Michael Hampton
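The answer's point, that the `-s ! addr` placement is the deprecated form and `! -s addr` is the current one, is easy to check for by hand on a single rule but tedious across a whole firewall script that was copied from old tutorials. The following POSIX shell snippet is an added example, not code from the question or the answer: it lints a ruleset (one rule per line, as in an `iptables-save` dump or a shell firewall script) for the old `option ! value` placement and rewrites it to `! option value`. The sample rules are constructed, and the list of negatable options it looks for (`-s`, `-d`, `-i`, `-o`, `-p`, `--sport`, `--dport` and their long forms) is an assumption covering the common cases rather than an exhaustive list of everything iptables allows to be negated.

```shell
#!/bin/sh
# Constructed sample ruleset: lines 1 and 3 use the old "option ! value" form,
# lines 2 and 4 use the current "! option value" form.
SAMPLE_RULES='-A INPUT -i eth1 -p tcp -s ! 10.111.11.0/24 --dport ssh --syn -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p tcp ! -s 10.111.11.0/24 --dport ssh --syn -m state --state NEW -j ACCEPT
-A OUTPUT -o eth1 -p udp -d ! 10.111.11.53 --dport 53 -j DROP
-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP'

# Assumed set of options whose negation is commonly written in rules.
NEGATABLE='-s|-d|-i|-o|-p|--sport|--dport|--source|--destination|--in-interface|--out-interface'

# Exit status 0 if the rule uses the deprecated "option ! value" placement.
uses_deprecated_negation() {
    printf '%s\n' "$1" |
        grep -Eq -- "(^|[[:space:]])($NEGATABLE)[[:space:]]+!([[:space:]]|\$)"
}

# Prints the rule with every "option ! value" rewritten as "! option value",
# which is the form current iptables accepts without a warning.
fix_negation() {
    printf '%s\n' "$1" |
        sed -E "s/(^|[[:space:]])($NEGATABLE)[[:space:]]+![[:space:]]+/\\1! \\2 /g"
}

# Reads rules from stdin and prints how many still use the deprecated form.
count_deprecated() {
    n=0
    while IFS= read -r rule; do
        if uses_deprecated_negation "$rule"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Reads rules from stdin and prints the whole ruleset in the current form.
rewrite_ruleset() {
    while IFS= read -r rule; do
        fix_negation "$rule"
    done
}

# Stand-alone usage: report and rewrite the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | count_deprecated
printf '%s\n' "$SAMPLE_RULES" | rewrite_ruleset
```

To audit a live host, replace the constructed sample with the output of `iptables-save` (`iptables-save | count_deprecated`); a non-zero count means the ruleset contains rules that newer iptables releases will warn about or reject when the rules are reloaded, which is worth catching before a reboot rather than after.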