IPTABLES CONFIGURATION CIDR notation
WINPE1 = 192.168.10.5
iptables -A INPUT -p tcp -s 192.168.10.5 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

iptables -A INPUT -s 192.168.10.5 -p ICMP --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP --icmp-type 8 -j DROP

I have written these rules in response to these guidelines:
• Only allow HTTPD traffic from WINPE1. Use an ACCEPT command. We are implementing a DROP policy.
• Allow Ping traffic from WINPE1 only. Again use an ACCEPT command.

However, in the guidelines it is stated that subnet addressing (like 192.160.10.0/24 for example) must be used throughout the firewall; no individual IP addresses are allowed for source machines and no specified ranges are allowed either, e.g. --src-range 192.168.1.100-192.168.1.200.
How do I change the 192.168.10.5 address to CIDR notation without granting access to other IP addresses?
Tag: firewall
edited Nov 21 at 21:44 by Community
asked Nov 21 at 20:19 by abignetworknoob
I've never seen 192.160.10.024 used, why the backslash instead of a forward slash?
– thrig
Nov 21 at 20:31
1 Answer
iptables is able to handle networks really easily.
In your case:

iptables -A INPUT -p tcp -s 192.168.10.0/24 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -s 192.168.10.0/24 -p ICMP --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP --icmp-type 8 -j DROP

Or instead of 192.168.10.0/24 you can use 192.168.10.0/255.255.255.0.
answered Nov 21 at 21:33 by Alexander
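Added example, not from the question or from Alexander's answer: a small Python model, built on the standard ipaddress module, of how a netfilter -s source match admits addresses under each form that appears on this page (the single host 192.168.10.5, which in CIDR notation is 192.168.10.5/32; the subnet 192.168.10.0/24; and its dotted-mask spelling 192.168.10.0/255.255.255.0). The chain layout, probe addresses and function names are constructed here and are not part of iptables; the kernel performs the same mask-and-compare test on the packet's source address, but this runs without root and lets you count exactly how many source addresses each rule lets through before you load it.

```python
import ipaddress

# Added example (not from the question or answer): models how a netfilter
# source match (-s) decides membership, using Python's ipaddress module.
# The rule sets below are constructed to mirror the two forms on this page:
# the asker's single-host form (192.168.10.5, i.e. 192.168.10.5/32) and the
# answer's subnet form (192.168.10.0/24 or 192.168.10.0/255.255.255.0).


def build_chain(source_spec):
    """Return a minimal INPUT-style chain: one ACCEPT for the source
    specification followed by an unconditional DROP, as in the page's rules.
    A source of None matches any address (an iptables rule with no -s)."""
    return [
        (ipaddress.ip_network(source_spec, strict=False), "ACCEPT"),
        (None, "DROP"),
    ]


def verdict(chain, src):
    """First-match-wins traversal, like a netfilter chain."""
    addr = ipaddress.ip_address(src)
    for net, action in chain:
        if net is None or addr in net:
            return action
    return "POLICY"  # fell off the end of the chain: the chain policy applies


def matched_hosts(source_spec):
    """How many distinct source addresses a -s specification admits."""
    return ipaddress.ip_network(source_spec, strict=False).num_addresses


def equivalent(spec_a, spec_b):
    """True if two specifications denote the same network
    (e.g. prefix length vs. dotted netmask)."""
    return (ipaddress.ip_network(spec_a, strict=False)
            == ipaddress.ip_network(spec_b, strict=False))


def as_rule(source_spec, extra="-p tcp --dport 80"):
    """Render a source spec as an ACCEPT rule with -s in prefix form
    (a bare address is normalised to /32)."""
    net = ipaddress.ip_network(source_spec, strict=False)
    return f"iptables -A INPUT -s {net.with_prefixlen} {extra} -j ACCEPT"


if __name__ == "__main__":
    # Constructed probe addresses: WINPE1 itself, another host on the same
    # /24, and a host on a neighbouring subnet.
    probes = ["192.168.10.5", "192.168.10.200", "192.168.11.5"]
    for spec in ("192.168.10.5/32", "192.168.10.0/24",
                 "192.168.10.0/255.255.255.0"):
        chain = build_chain(spec)
        print(f"{as_rule(spec)}   # admits {matched_hosts(spec)} source address(es)")
        for p in probes:
            print(f"    {p:16} -> {verdict(chain, p)}")
```

Running the block prints, for each of the three source forms, the normalised rule, how many source addresses it admits, and the verdict for each probe: the /32 form admits exactly one address (WINPE1), while /24 and 255.255.255.0 are the same network of 256 addresses, so any other host on 192.168.10.0/24 is also ACCEPTed by the first rule. When a guideline requires subnet notation for a single machine, checking matched_hosts() on the prefix you intend to use is a quick way to confirm the rule is still as narrow as the requirement that produced it.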