[SOLVED] Iptables

[jaymc]

I want to add a rule that applies to a list of IP addresses, for instance

 

-A INPUT -p tcp -m tcp -s "90.12.13.101,77.97.124.91" --dport 3306 -j ACCEPT

 

Comma separated values to define certain IP's would be good. Using the range feature is useless as these are internet IP addresses

 

Can this be done without adding the same rule for each IP address

 

Thanks

[trq]

Unforunately iptables will not accept a coma seperated list. If your using bash as your shell you could use an array.

 

ips=(90.12.13.101 77.97.124.91)
for index in $(seq 0 $((${#ips[@]} - 1))) ; do
  -A INPUT -p tcp -m tcp -s ${ips[$index]} --dport 3306 -j ACCEPT
done

[jaymc]

Dam

 

bash as shell?

 

Im just editing /etc/sysconfig/iptables via SSH

 

Im assuming your example above will just generate the lines as in, in the raw conf file there will still be a line for each IP rule?

[trq]

Im just editing /etc/sysconfig/iptables via SSH

 

Sorry, that file is distro specific. Has'nt ever existed on any of my systems (Debain / Gentoo).

 

Im assuming your example above will just generate the lines as in, in the raw conf file there will still be a line for each IP rule?

 

I think you'll find that raw config file is actually a shell script. Does it have a shebang at the top?

 

If it is (which it should be) you can write any shell scripting within it.

[jaymc]

It does not have a shebang

[trq]

Well, I guess its not a script then. You'll need to write each line manually.

[jaymc]

Thanks