I want to enable the entire subnet 192.168.1.0/24 which is connected to eth0 in input. I'm very unfamiliar with iptables.

If I add the rule:

# iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 45678 -j ACCEPT

it works on ONE port. But we want all ports open to our subnet (both tcp and udp), so I tried:

# iptables -A INPUT -i eth0 -j ACCEPT

But it fails (no error, we simply cannot connect). What is the correct syntax?

dargaud
    The syntax is right (though that last line essentially turns the firewall off on that interface). But with `iptables` rules, **order is important because first dispositive match wins**. If you show us the *whole* of your ruleset, with `iptables -L -n -v`, we might be able to comment further. – MadHatter Feb 29 '16 at 15:59
  • Or you could just give us the output of `iptables-save`. – Parthian Shot Feb 29 '16 at 16:05
  • Just remove `-p tcp -m tcp --dport 45678`. If you are doing this without saving to disk, then change `-A` to `-I` to insert the rule at the top. – Aaron Feb 29 '16 at 17:03
  • Ha, OK, I thought it was the last rule that won. Thanks. – dargaud Mar 01 '16 at 13:13

1 Answer

Just allow the whole subnet without further qualification

iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT

Note the use of -I rather than -A.

user9517
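The comments and answer above turn on one point: iptables evaluates a chain top-down and the first matching rule with a verdict wins, so an ACCEPT appended with `-A` behind an existing REJECT never gets a chance, while `-I` puts it in front. As an added illustration (not code from the question or answer), the following Python simulator of that first-match evaluation reproduces the failure and the fix; the REJECT-last ruleset and the sample packet are constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:
    target: str                      # ACCEPT, DROP or REJECT
    src: Optional[str] = None        # source CIDR (-s), e.g. "192.168.1.0/24"
    iface: Optional[str] = None      # input interface (-i)
    proto: Optional[str] = None      # "tcp" or "udp" (-p)
    dport: Optional[int] = None      # destination port (--dport)

    def matches(self, pkt: dict) -> bool:
        # Every criterion given on the rule must match; unspecified ones match anything.
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.iface and pkt["iface"] != self.iface:
            return False
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        return True

@dataclass
class Chain:
    policy: str = "ACCEPT"           # chain policy, applied only when no rule matches
    rules: list = field(default_factory=list)

    def append(self, rule: Rule) -> None:   # iptables -A: goes to the end of the chain
        self.rules.append(rule)
    def insert(self, rule: Rule) -> None:   # iptables -I: goes to position 1 (the top)
        self.rules.insert(0, rule)

    def verdict(self, pkt: dict) -> str:
        # First dispositive match wins; rules below it are never consulted.
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy

def demo() -> tuple:
    # Constructed ruleset: a catch-all REJECT already sits in INPUT, as many distro defaults do.
    chain = Chain(policy="ACCEPT", rules=[Rule("REJECT")])
    pkt = {"src": "192.168.1.50", "iface": "eth0", "proto": "udp", "dport": 5060}
    chain.append(Rule("ACCEPT", src="192.168.1.0/24"))   # -A lands after the REJECT
    appended = chain.verdict(pkt)
    chain.insert(Rule("ACCEPT", src="192.168.1.0/24"))   # -I lands before the REJECT
    inserted = chain.verdict(pkt)
    return appended, inserted
```

`demo()` returns `("REJECT", "ACCEPT")`: the appended rule is shadowed, the inserted one takes effect, which is exactly what `iptables -L -n -v` would show by listing the REJECT above the ACCEPT.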