Unix & Linux Asked by adrelanos on December 12, 2021
What’s the simplest way to express “allow all connections to the local LAN” for iptables output? Including connections to 192.*, 172.*, 10.*, etc.

Can all of this be compressed within a single rule?
As llua said, using ipset. However, you'll probably want to make this persist through reboots; ipsets are stored in memory otherwise.

ipset save > /etc/ipset.conf, then enable the ipset service so it recreates the set on reboots (on Arch systems, at least, which provide an ipset.service systemd file).

On most other Linux systems, add the line ipset restore -f /etc/ipset.conf to /etc/rc.local.

See the always-excellent Arch wiki page for more.
Answered by hlmtre on December 12, 2021
Using ipset:

# one set of type hash:net holds all the private (RFC 1918) ranges
ipset create locallan hash:net
ipset add locallan 192.168.0.0/16
ipset add locallan 172.16.0.0/12   # 172.16.0.0 - 172.31.255.255 (a /12, not a /16)
ipset add locallan 10.0.0.0/8
# a single rule matches the source address against the whole set
iptables -I INPUT -m set --match-set locallan src -j ACCEPT
Would allow connections from those ranges to the server with that rule.
Answered by llua on December 12, 2021
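The question asked for an OUTPUT rule rather than INPUT, and the two answers together amount to a three-step procedure (build the set, match it from one rule, persist it). The script below is an added example, not code from either answer: it emits the ipset restore file and the OUTPUT rule for the set name locallan (taken from llua's answer), and checks addresses against the same CIDR blocks in plain shell arithmetic so the range boundaries the set enforces can be verified without root.

```shell
#!/bin/sh
# Added example: RFC 1918 ranges as one ipset, one OUTPUT rule, plus a
# pure-shell CIDR check to show exactly which addresses the set covers.
# Set name "locallan" follows llua's answer; everything else is assumed.

SET_NAME=locallan
# Note 172.16.0.0/12 (172.16.0.0 - 172.31.255.255), not /16.
RFC1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# Dotted quad -> 32-bit integer.
ip2int() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 when address $1 lies inside CIDR $2, e.g. in_cidr 172.31.1.1 172.16.0.0/12
in_cidr() {
    ip=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Return 0 when $1 is in any RFC 1918 range, i.e. what hash:net would match.
in_locallan() {
    for cidr in $RFC1918; do
        in_cidr "$1" "$cidr" && return 0
    done
    return 1
}

# Emit the set in 'ipset restore' format (the persistent form hlmtre describes).
gen_ipset_restore() {
    printf 'create %s hash:net family inet\n' "$SET_NAME"
    for cidr in $RFC1918; do
        printf 'add %s %s\n' "$SET_NAME" "$cidr"
    done
}

# Emit the single OUTPUT rule: outbound traffic matches on the destination (dst).
gen_output_rule() {
    printf 'iptables -A OUTPUT -m set --match-set %s dst -j ACCEPT\n' "$SET_NAME"
}

# Only touch the live firewall when asked explicitly (needs root, ipset, iptables).
if [ "${1:-}" = "--apply" ]; then
    gen_ipset_restore | ipset -exist restore
    eval "$(gen_output_rule)"
fi
```

Run it with no arguments to inspect the generated set and rule, or pass --apply to load them; gen_ipset_restore's output can also be written to /etc/ipset.conf for the reboot-persistence step.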