Blocking IP range using iptables

Asked Sep 06 '17 at 04:05

Active Sep 06 '17 at 04:05

Viewed 2,184 times

What would the command be to block a range of IPs to port 80?

The block of IP I want to block is 123.56.x.x and 123.57.x.x.

What would the correct command be?

iptables -I FORWARD -p tcp --dport 80 -s 123.57/15 -j DROP
iptables -I FORWARD -p tcp --dport 80 -m iprange --src-range 123.56.0.0-123.57.255.255 -j DROP

Or is the correct command something else?

Note that I don't want to accidentally block addresses outside of 123.56.x.x and 123.57.x.x.

asked Sep 06 '17 at 04:05

chuacw

Although personally I would use 123.56.0.0/15 rather than 123.57/15 both syntaxes are different approaches that effectively match the same range of source ip-addresses, one is not more correct than the other. – HBruijn Sep 06 '17 at 04:34

Blocking IP range using iptables

0 Answers0