Let's say I want to deny an IP range of my LAN, from 192.168.1.100 to 192.168.1.200, access to the internet.
I add iptables rules in /etc/firewall.user and restart the firewall for them to take effect.
But is there any other firewall management package in LuCI that can do the same job?
Why not use the normal uci firewall rules? IP ranges should be supported there.
It's simpler to use IP ranges matching CIDR subnets:
Would you please show me some configuration example?
I can't find any documents about how to add an IP range in uci firewall rules.
The IP address is not in a continuous range, so I can't separate it using CIDR.
uci add firewall rule
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].name='test'
uci set firewall.@rule[-1].extra='-m iprange --src-range 192.168.1.100-192.168.1.200'
uci set firewall.@rule[-1].family='ipv4'
uci set firewall.@rule[-1].target='REJECT'
uci set firewall.@rule[-1].dest='wan'
uci add_list firewall.@rule[-1].proto='all'
uci commit firewall
service firewall restart
You'll need iprange.
So define an extra parameter here? Interesting!
If that works, I won't need firewall.user! Thanks!
The uci firewall should also understand IP ranges, e.g.
option src_ip 22.214.171.124-192.168.1.200 and translate it to
-m iprange matches internally.
Glad to know that, thanks!
Great, but it looks like LuCI does not accept IP ranges in the input field.
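
Added example, not part of the thread and not OpenWrt project code: a POSIX shell sketch that splits the range discussed above into the CIDR blocks it would take to cover it exactly, which shows why a single iprange match is simpler for a range that is not subnet-aligned. The function names are hypothetical and the script only prints; it changes no firewall state.

```shell
#!/bin/sh
# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1                     # split into four octets
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert an integer back to dotted-quad form.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the minimal list of CIDR blocks covering "first-last" exactly.
range_to_cidrs() {
    start=$(ip2int "${1%-*}")
    end=$(ip2int "${1#*-}")
    while [ "$start" -le "$end" ]; do
        size=1; prefix=32
        # Double the block while it stays aligned on its own size
        # and does not run past the end of the range.
        while [ "$prefix" -gt 0 ] \
              && [ $(( start % (size * 2) )) -eq 0 ] \
              && [ $(( start + size * 2 - 1 )) -le "$end" ]; do
            size=$(( size * 2 )); prefix=$(( prefix - 1 ))
        done
        echo "$(int2ip "$start")/$prefix"
        start=$(( start + size ))
    done
}

# The range from the question: six CIDR blocks instead of one iprange match.
range_to_cidrs 192.168.1.100-192.168.1.200
```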