iptables rules not blocking
I am trying to allow SSH access to a certain range of IPs (from 192.168.1.1 to 192.168.1.24) and block all the rest, but since I am new to iptables I can't seem to figure it out. I have:
iptables -A INPUT -s 192.168.1.0/24 -p udp --dport ssh -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j REJECT
iptables -A INPUT -p udp --dport ssh -j REJECT
But this does not work: with a VM set to 192.168.1.89 I can still access it through SSH. Can someone help?
192.168.1.0/24 is not from 1 to 24 but uses 24 bits (= the first 3 blocks), so it will accept anything starting with 192.168.1. The right one is /27, but it will allow up to 192.168.1.31.
The next smaller range would be /28, which allows only up to 192.168.1.15.
/24 is the CIDR length, not a range.
To use a range, do this:
iptables -A INPUT -m iprange --src-range 192.168.1.1-192.168.1.24 -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j REJECT
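As an added example (not part of the question or the answer above), here is a small POSIX shell script that does the arithmetic behind that answer: it checks whether a source address falls inside a CIDR block the way `-s a.b.c.d/n` does, whether it falls inside an inclusive range the way `-m iprange --src-range lo-hi` does, prints the last address a given prefix length really covers, and simulates the first-match verdict (ACCEPT before REJECT) of both rulesets for a few source addresses, including the asker's 192.168.1.89. The function names, the `cidr_vs_range.sh` filename and the sample addresses are my own choices; the script does not touch iptables itself, so it can be run anywhere.

```shell
#!/bin/sh
# Added example: CIDR prefix match vs. iprange match, as plain shell arithmetic.
# Assumes well-formed dotted quads without leading zeros (a leading 0 would be
# read as octal by $(( ))).

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask for a prefix length, kept to 32 bits.
prefix_mask() {
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# Does address $1 match CIDR block $2 (what "-s 192.168.1.0/24" tests)?
# Only the first <bits> bits are compared; the host part is ignored entirely.
in_cidr() {
    ip=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    mask=$(prefix_mask "${2#*/}")
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Does address $1 fall in the inclusive range $2..$3
# (what "-m iprange --src-range lo-hi" tests)?
in_range() {
    ip=$(ip2int "$1")
    [ "$ip" -ge "$(ip2int "$2")" ] && [ "$ip" -le "$(ip2int "$3")" ]
}

# Last address covered by a CIDR block, e.g. 192.168.1.0/27 -> 192.168.1.31.
cidr_last() {
    net=$(ip2int "${1%/*}")
    mask=$(prefix_mask "${1#*/}")
    int2ip $(( (net & mask) | (~mask & 0xFFFFFFFF) ))
}

# First-match verdict of the asker's ruleset: ACCEPT from CIDR $2, REJECT the rest.
verdict_cidr() {
    if in_cidr "$1" "$2"; then echo ACCEPT; else echo REJECT; fi
}

# First-match verdict of the answer's ruleset: ACCEPT from range $2-$3, REJECT the rest.
verdict_range() {
    if in_range "$1" "$2" "$3"; then echo ACCEPT; else echo REJECT; fi
}

# Demo with constructed source addresses around the boundaries the answer mentions.
printf '%-14s %-8s %-8s %-8s %s\n' source /24 /27 /28 1-24
for src in 192.168.1.1 192.168.1.24 192.168.1.25 192.168.1.31 192.168.1.89 192.168.2.5; do
    printf '%-14s %-8s %-8s %-8s %s\n' "$src" \
        "$(verdict_cidr "$src" 192.168.1.0/24)" \
        "$(verdict_cidr "$src" 192.168.1.0/27)" \
        "$(verdict_cidr "$src" 192.168.1.0/28)" \
        "$(verdict_range "$src" 192.168.1.1 192.168.1.24)"
done
```

Running `sh cidr_vs_range.sh` prints one row per address: 192.168.1.89 is accepted by the /24 column (the asker's ruleset), rejected by /27 and /28, and rejected by the range column, while 192.168.1.25 and .31 show why /27 is still wider than the wanted range. The same first-match logic is why the ACCEPT rule has to come before the REJECT rule in the real iptables chain.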