iptables syntax

I want to drop new connections from any host except two. Previously I was
accepting from one address range as follows (I've changed the range to a
private one for this post):

iptables -A INPUT -m state --state NEW -i eth0 -j DROP \! -s 172.16.4.0/24

How do I change it so that it drops any new connections except those from
172.16.4.0/24 or 172.16.200.0/24?

Cheers

M

Matt <(E-Mail Removed)> wrote:

> I want to drop new connections from any host except two. Previously I
> was accepting from one address range as follows (I've changed the range
> to a private one for this post):
>
> iptables -A INPUT -m state --state NEW -i eth0 -j DROP \! -s
> 172.16.4.0/24

I guess this should read "... -j DROP -s \! 172.16.4.0/24"


>
> How do I change it so that it drops any new connections except those from
> 172.16.4.0/24 or 172.16.200.0/24?

iptables -A INPUT -m state --state NEW -i eth0 \
--src 172.16.4.0/24 -j ACCEPT
iptables -A INPUT -m state --state NEW -i eth0 \
--src 172.16.200.0/24 -j ACCEPT
iptables -A INPUT -m state --state NEW -i eth0 -j DROP


Ciao, Horst
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn