Iptables

iptables range is reversed and will never match

2 minute read Modified: 30 Jul, 2018

This blogpost was original posted on Capitar’s blog

The problem

When customers ask us to allow some IP addresses to their services they might give us an IP-range in the following way.

10.0.0.1-6

This means they want the following IP addresses to have access: 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5 and 10.0.0.6. But when you use this notation with iptables it gives an warning.

# iptables -A INPUT -m iprange --src-range 10.0.0.1-6 -j ACCEPT
xt_iprange: range 10.0.0.1-6 is reversed and will never match

This message is not displayed when 10.0.0.1-16 is used, although this will not result in the expected result.

Recent posts

- full list -

Tags

- full list -

1040g4 access port adsl amd64 apache bind blog bootloader bugs centos7 ch3snas cli console debian dkim dmarc dns dnssec dos dovecot dutch edgerouter elitebook email encrypt fedora file firefox firewall fix freebsd freenas fun_plug gnu screen hack history hp hugo i386 icmp icmp6 icmpv6 insert key installation ip ipsec iptables ipv6 isa isso java journal kernel keyboard ldd library linux loader.conf locale matrix nic osx perl pfa ping postfix postfixadmin postgresql psql pvid qnap qpg qts roundcube sceen selinux setup shell sip_spoof sniffing speedtouch spf ssh ssl sslh strace svg favicon synapse systemd tagged tcpdump theme tinc tls trunk port ubuntu untagged usb vlan vpn whoopsie wireshark xdg xterm