  1. #1
    Linux User Steven_G's Avatar
    Join Date
    Jun 2012
    Location
    Western US
    Posts
    397

    IP Tables network address ranges?


    I'm working on tightening up my firewall and I just want to verify that I'm understanding what I'm reading:

    If I create an allow rule from 192.168.0.0/16 this has the same effect as 192.168.*.*/* (which gives me a bad source error) and will allow all connections to the particular service from everything on my local network? (And not from anywhere else?)

    And the same goes for 10.0.0.0/8 = 10.*.*.*/*?

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    192.168.0.0/16 will match anything starting with 192.168.
    10.0.0.0/8 will match anything that starts with a 10.

    What is the complete rule that is giving you the Bad source error?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Linux User Steven_G's Avatar
    Join Date
    Jun 2012
    Location
    Western US
    Posts
    397
    sudo ufw allow from 192.168.*.*/* to port 135/tcp

    (I'm setting up Samba, and the old rule that Samba created when I installed it was to allow from everywhere; the same goes for the other three ports.)

    Wildcards work in so many things I figured I'd try it. But I got a bad source error.

    I'm still trying to figure out the syntax for tighter ranges (i.e. 192.168.1.1-192.168.1.20).

    I'm just weaning off of various CLIs for iptables and starting to get directly into it.

    To help prevent spoofing, what I'd really like to do is assign an "unusual" block of private addresses (like a subset of the 172s) to my DHCP protocols and just set everything up to auto-default to that block of addresses so I don't have to fiddle with static routes. And then pinhole that block of addresses in my firewall.

  4. #4
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Forget the wildcards and write it out 192.168.0.0/24

    I do not know how this is done in ufw but with iptables it is done like THIS

    Regards
    Robert

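An added example (not from this thread, and not ufw's or iptables' own code) that checks what the CIDR sources discussed in posts #1, #2 and #4 actually match, and turns the tighter range asked about in post #3 (192.168.1.1-192.168.1.20) into rules. It uses only Python's standard ipaddress module. The peer addresses and port are constructed for illustration; valid_source is a stand-in for ufw's source parsing, not ufw's parser; ufw takes a CIDR source but no range syntax, so a range becomes one rule per covering block, while iptables can take the range directly with its iprange match. Note that 192.168.0.0/24 only covers 192.168.0.0-192.168.0.255; 192.168.0.0/16 is the prefix that matches everything starting with 192.168.

```python
"""Check what a CIDR source rule matches and convert an address range
into rules that ufw and iptables accept.  Added example; the peer
addresses and port below are constructed for illustration."""
import ipaddress
from typing import List


def valid_source(spec: str) -> bool:
    """Stand-in for ufw's 'Bad source' check: a source must be a plain
    address or a CIDR prefix.  Wildcards such as 192.168.*.*/* are not
    accepted by ufw, and ipaddress rejects them the same way."""
    try:
        ipaddress.ip_network(spec, strict=False)
        return True
    except ValueError:
        return False


def matches(rule_cidr: str, peer: str) -> bool:
    """True if a peer address falls inside the rule's source prefix,
    i.e. 'allow from rule_cidr' would match a connection from peer."""
    return ipaddress.ip_address(peer) in ipaddress.ip_network(rule_cidr, strict=False)


def range_to_cidrs(first: str, last: str) -> List[str]:
    """Smallest set of CIDR blocks covering first..last inclusive.
    Needed for ufw, which has no range syntax."""
    return [str(net) for net in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]


def ufw_rules(first: str, last: str, port: int, proto: str = "tcp") -> List[str]:
    """One ufw rule per covering block (ufw's 'from <cidr> to any port' form)."""
    return [f"ufw allow from {cidr} to any port {port} proto {proto}"
            for cidr in range_to_cidrs(first, last)]


def iptables_rule(first: str, last: str, port: int, proto: str = "tcp") -> str:
    """iptables expresses the same range in a single rule via -m iprange."""
    return (f"iptables -A INPUT -p {proto} --dport {port} "
            f"-m iprange --src-range {first}-{last} -j ACCEPT")


if __name__ == "__main__":
    # The wildcard form from post #3 versus the prefix forms from post #2.
    for spec in ("192.168.*.*/*", "192.168.0.0/16", "10.0.0.0/8"):
        print(f"{spec:16} valid source: {valid_source(spec)}")

    # Constructed peers: which prefix lets them through?
    for rule in ("192.168.0.0/16", "192.168.0.0/24", "10.0.0.0/8"):
        for peer in ("192.168.0.7", "192.168.37.5", "10.200.3.4", "172.16.0.9"):
            print(f"{rule:16} {peer:14} -> {'ALLOW' if matches(rule, peer) else 'no match'}")

    # The tighter range from post #3, as ufw rules and as one iptables rule.
    for line in ufw_rules("192.168.1.1", "192.168.1.20", 135):
        print(line)
    print(iptables_rule("192.168.1.1", "192.168.1.20", 135))
```

One caveat a practitioner would add: a source-address rule identifies a prefix, not a host. Anything already on the same segment can send packets with a source address inside that prefix, so these rules limit exposure to the local network but do not by themselves prevent spoofing from within it.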

  5. #5
    Linux User Steven_G's Avatar
    Join Date
    Jun 2012
    Location
    Western US
    Posts
    397
    Quote Originally Posted by Lazydog View Post
    Forget the wildcards and write it out 192.168.0.0/24

    I do not know how this is done in ufw but with iptables it is done like THIS
    Cool, thanks for the link. I've added it to my bookmarks.
