Firewall MULTIPLE IP ranges

Hi all,

Is it possible to setup restrictions for a multiple IP ranges?

I've installed iptables-mod-iprange and it accepts extra option in LuCI like
-m iprange --dst-range (be sure to put any as a destination address if you use extra option, otherwise the whole rule will NOT work)

So, it works, but I'd like to add more ranges under the same rule. Tried
-m iprange --dst-range
-m iprange --dst-range,
-m iprange --dst-range --dst-range
-m iprange --dst-range iprange --dst-range
and even
-m iprange --dst-range -m iprange --dst-range
in extra option field. But none worked.

So do you think it's possible to make it within ONE rule?

I think you need to resort to ipset matches to have one single rule matching multiple non continuous ranges.


Tnx for the advice.