Firewall MULTIPLE IP ranges

Hi all,

Is it possible to setup restrictions for a multiple IP ranges?

I've installed iptables-mod-iprange and it accepts extra option in LuCI like
-m iprange --dst-range 1.1.1.1-2.2.2.2 (be sure to put any as a destination address if you use extra option, otherwise the whole rule will NOT work)

So, it works, but I'd like to add more ranges under the same rule. Tried
-m iprange --dst-range 1.1.1.1-2.2.2.2 3.3.3.3-4.4.4.4
-m iprange --dst-range 1.1.1.1-2.2.2.2, 3.3.3.3-4.4.4.4
-m iprange --dst-range 1.1.1.1-2.2.2.2 --dst-range 3.3.3.3-4.4.4.4
-m iprange --dst-range 1.1.1.1-2.2.2.2 iprange --dst-range 3.3.3.3-4.4.4.4
and even
-m iprange --dst-range 1.1.1.1-2.2.2.2 -m iprange --dst-range 3.3.3.3-4.4.4.4
in extra option field. But none worked.

So do you think it's possible to make it within ONE rule?

I think you need to resort to ipset matches to have one single rule matching multiple non continuous ranges.

2 Likes

Tnx for the advice.