iptable rules not blocking

ssh iptables

I am trying to allow SSH access to a certain range of IPs (from 192.168.1.1 to 192.168.1.24) and block all the rest, but since I am new to iptables I can't seem to figure it out. I have : 

iptables -A INPUT -s 192.168.1.0/24 -p udp --dport ssh -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j REJECT
iptables -A INPUT -p udp --dport ssh -j REJECT

Tut this does not work, with a VM set with 192.168.1.89 I can still access through SSH. Can someone help?


192.168.1.0/24 is not from 1 to 24 but using 24 bits (= the 3 1st blocks) so it will accept anything starting with 192.168.1. The right one is /27 but it will allow up to 192.168.1.31.

The next smaller range will be /28 that will allow up to 192.168.1.15.


/24 is the CIDR length, not a range.

To use a range, do this:

iptables -A INPUT -m iprange --src-range 192.168.1.1-192.168.1.24 -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j REJECT

Related

How to fix "ruby installation is missing psych (for YAML output)." on CentOS?
Leverage proxy caching with nginx by removing Set-Cookie header
Is there a way to tell a device name (computer name) which connects to the internet jack from a wall without accessing the switch to find out?
What's the minimum required Squid config to make a public proxy server?
Command to determine type of AIX hardware
Logstash binding to a port already in use
How to enable OPcache in Debian?
LSI MegaRAID Expected Chip Temperature?
Add authentication keys to dropbear ssh?
Static IP for cloudfront
How do Administrative Templates (ADMX files) work?
Is there a way to tell how long a machine has been in an security group?