iptable rules not blocking

I am trying to allow SSH access to a certain range of IPs (from 192.168.1.1 to 192.168.1.24) and block all the rest, but since I am new to iptables I can't seem to figure it out. I have:

iptables -A INPUT -s 192.168.1.0/24 -p udp --dport ssh -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j REJECT
iptables -A INPUT -p udp --dport ssh -j REJECT

But this does not work: with a VM set to 192.168.1.89 I can still access through SSH. Can someone help?


192.168.1.0/24 does not mean from 1 to 24; it means a 24-bit mask (= the first 3 blocks), so it will accept anything starting with 192.168.1. The right one is /27, but it will allow up to 192.168.1.31.

The next smaller range will be /28 that will allow up to 192.168.1.15.


/24 is the CIDR length, not a range.

To use a range, do this:

iptables -A INPUT -m iprange --src-range 192.168.1.1-192.168.1.24 -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j REJECT
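As an added example (not part of either answer), the script below models the two source matches discussed here, `-s CIDR` and `-m iprange --src-range`, with Python's standard `ipaddress` module and walks a chain first-match-wins the way iptables does, so you can check which addresses a rule would really accept before loading it. The sample addresses are constructed; the chains only model source matching for the tcp/22 rules.

```python
import ipaddress


def cidr_range(cidr):
    """First and last address covered by an iptables '-s CIDR' match."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address), str(net.broadcast_address)


def match_cidr(cidr):
    """Matcher equivalent to '-s CIDR' (prefix match, not a numeric range)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return lambda src: ipaddress.ip_address(src) in net


def match_iprange(lo, hi):
    """Matcher equivalent to '-m iprange --src-range LO-HI' (both ends inclusive)."""
    lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
    return lambda src: lo <= ipaddress.ip_address(src) <= hi


def match_any(src):
    """Matcher for a rule with no source restriction."""
    return True


def chain_verdict(rules, src, policy="ACCEPT"):
    """Walk (matcher, target) pairs in order; the first match decides,
    like an iptables chain. With no match the chain policy applies."""
    for matcher, target in rules:
        if matcher(src):
            return target
    return policy


# The asker's chain for tcp/22: /24 accepts the whole 192.168.1.x block first.
ASKER_CHAIN = [(match_cidr("192.168.1.0/24"), "ACCEPT"), (match_any, "REJECT")]
# The chain from the iprange answer: only .1 through .24 reach the ACCEPT.
RANGE_CHAIN = [(match_iprange("192.168.1.1", "192.168.1.24"), "ACCEPT"),
               (match_any, "REJECT")]

if __name__ == "__main__":
    for cidr in ("192.168.1.0/24", "192.168.1.0/27", "192.168.1.0/28"):
        print(cidr, "covers", cidr_range(cidr))
    for src in ("192.168.1.24", "192.168.1.25", "192.168.1.89"):  # constructed samples
        print(src, "asker chain:", chain_verdict(ASKER_CHAIN, src),
              "iprange chain:", chain_verdict(RANGE_CHAIN, src))
```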