- 03-14-2013 #1
IP Tables network address ranges?
I'm working on tightening up my firewall and I just want to verify that I'm understanding what I'm reading:
If I create an allow rule from 192.168.0.0/16 this has the same effect as 192.168.*.*/* (which gives me a bad source error) and will allow all connections to the particular service from everything on my local network? (And not from anywhere else?)
And the same goes for 10.0.0.0/8 = 10.*.*.*/*?
- 03-17-2013 #2
192.168.0.0/16 will match anything starting with 192.168.
10.0.0.0/8 will match anything that starts with a 10.
What is the complete rule that is giving you the Bad source error?
- 03-18-2013 #3
sudo ufw allow from 192.168.*.*/* to port 135/tcp
(Setting up Samba and the old rule that was created by Samba when I installed it was to allow from everywhere, same goes for the other three ports.)
Wildcards work in so many things I figured I'd try it. But I got a bad source error.
I'm still trying to figure out the syntax for tighter ranges (i.e. 192.168.1.1 - 192.168.1.20).
I'm just weaning off of various CLIs for IPTables and starting to get directly into it.
To help prevent spoofing, what I'd really like to do is assign an "unusual" block of private addresses (like a sub-set of the 172's) to my DHCP protocols and just set everything up to auto-default to that block of addresses so I don't have to fiddle with static routes. And then pinhole that block of addresses in my firewall.
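The address forms discussed in this thread, worked through as an added example that is not part of the original posts: it uses Python's standard `ipaddress` module to turn the wildcard form and the 192.168.1.1 - 192.168.1.20 range into the CIDR blocks a firewall source field accepts, and checks whether a block from "the 172's" is actually private. The function names and the 172.20.8.0/24 sample block are made up for illustration; port 135 is the one from the post above.

```python
import ipaddress

RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def to_cidrs(spec):
    """Convert CIDR, trailing-wildcard or 'lo-hi' range text into CIDR blocks."""
    spec = spec.replace(" ", "")
    if "-" in spec:  # inclusive range, e.g. 192.168.1.1-192.168.1.20
        lo, hi = (ipaddress.IPv4Address(p) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError("range start is above range end")
        return list(ipaddress.summarize_address_range(lo, hi))
    if "*" in spec:  # shell-style wildcard, e.g. 192.168.*.*/*
        octets = spec.split("/")[0].split(".")
        if len(octets) != 4:
            raise ValueError("expected four octets")
        fixed = 0
        while fixed < 4 and octets[fixed] != "*":
            fixed += 1
        if fixed == 0 or any(o != "*" for o in octets[fixed:]):
            raise ValueError("wildcards must trail at least one fixed octet")
        base = ".".join(octets[:fixed] + ["0"] * (4 - fixed))
        return [ipaddress.IPv4Network(f"{base}/{8 * fixed}")]
    # strict=True rejects host bits below the mask, e.g. 192.168.1.1/16
    return [ipaddress.IPv4Network(spec, strict=True)]

def allowed(src, cidrs):
    """True if the source address falls inside any of the CIDR blocks."""
    addr = ipaddress.IPv4Address(src)
    return any(addr in net for net in cidrs)

def in_rfc1918(spec):
    """True only if every block of the spec sits inside a private range."""
    return all(any(net.subnet_of(p) for p in RFC1918) for net in to_cidrs(spec))

def ufw_rules(spec, port, proto="tcp"):
    """One ufw allow rule per CIDR block needed to cover the spec."""
    return [f"ufw allow from {net} to any port {port} proto {proto}"
            for net in to_cidrs(spec)]

if __name__ == "__main__":
    # Constructed inputs: the two wildcard forms and the range from the thread.
    for spec in ("192.168.*.*/*", "10.*.*.*/*", "192.168.1.1 -192.168.1.20"):
        print(spec, "->", ", ".join(str(n) for n in to_cidrs(spec)))
    print("\n".join(ufw_rules("192.168.1.1-192.168.1.20", 135)))
    print("172.20.8.0/24 private:", in_rfc1918("172.20.8.0/24"))
    print("172.32.0.0/16 private:", in_rfc1918("172.32.0.0/16"))
```

A range that does not fall on a power-of-two boundary needs several CIDR blocks, so the 20-address range becomes six rules, and only 172.16.0.0 through 172.31.255.255 is private space within the 172 addresses.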
- 03-18-2013 #4
- 03-20-2013 #5