Answer the question
In order to leave comments, you need to log in
J
J
Julia Lis2021-12-09 13:47:13
Julia Lis, 2021-12-09 13:47:13
How to find ip addresses by mask in iptables linux?
Can you please tell me how to find ip addresses by mask in iptables?
for example, you need 192.168.*.*
Everyone who belongs to him?
Do I need to build with grep?
And the second question, is it possible to somehow see the entire list of banned IPs?
1 answer(s)
@julia1990
C
CityCat4, 2021-12-10 @julia1990
Take and read the rules :) There may not be a direct list. Moreover, I would not keep it there, for example. There is such a thing - ipset, designed to store lists of addresses, ports, etc. And it is very often paired with iptables. If ipset is used in the iptables rule itself, there will be no list of addresses.
For example, here is how I block RFC1918 addresses from the external interface (that is, where they theoretically should not be):
/etc/sysconfig/ipset
# RFC1918 networks
create rfc1918 hash:net family inet hashsize 1024 maxelem 65536
add rfc1918 10.0.0.0/8
add rfc1918 172.16.0.0/12
add rfc1918 192.168.0.0/16
/etc/sysconfig/iptables
*mangle
# Mark packets, which BEFORE NAT have RFC1918-compliant addresses
-A PREROUTING -i eth1 -m set --match-set rfc1918 src -j MARK --set-mark 1
*filter
# Drop packets, which marked to drop in mangle table
-A FORWARD -m mark --mark 1 -j DROP
Similar questions
R
A
A
C
L
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question