Reference URL: https://www.cyberciti.biz/tips/linux-iptables-how-to-specify-a-range-of-ip-addresses-or-ports.html
For example, allow incoming requests on port 22 only for source IPs in the 192.168.1.100-192.168.1.200 range. You need to add something like the following to your iptables script:
iptables -A INPUT -p tcp --destination-port 22 -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT
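An added example (not from the referenced article): a POSIX shell helper that validates the range endpoints and prints the ACCEPT rule above followed by a DROP rule for all other sources, since an appended ACCEPT rule restricts nothing unless other traffic to the port is dropped by a later rule or the chain policy. The function names `ip_to_int` and `ssh_range_rules` and the trailing DROP rule are assumptions of this example; the rules are printed, not applied.

```shell
#!/bin/sh
# Added example: emit (do not apply) rules limiting SSH to a source IP range.

# Convert a dotted-quad IPv4 address to an integer; return 1 if malformed.
ip_to_int() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Reject leading zeros, which some parsers read as octal.
        case $o in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Print an ACCEPT rule for the range, then a DROP for every other source.
# Refuses malformed addresses and ranges whose start is above their end.
ssh_range_rules() {
    lo=$(ip_to_int "$1") || { echo "bad start address: $1" >&2; return 1; }
    hi=$(ip_to_int "$2") || { echo "bad end address: $2" >&2; return 1; }
    if [ "$lo" -gt "$hi" ]; then
        echo "range start is above range end" >&2
        return 1
    fi
    echo "iptables -A INPUT -p tcp --destination-port 22 -m iprange --src-range $1-$2 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --destination-port 22 -j DROP"
}

# Sample input: the range used in the text above.
ssh_range_rules 192.168.1.100 192.168.1.200
```

Review the printed rules before running them as root; rule order matters, because the DROP must come after the ACCEPT.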
Port range
If --protocol tcp (-p tcp) is specified, you can specify a source port range with the following syntax:
- --source-port port:port
- --sport port:port
A destination port range is specified with the following options:
- --destination-port port:port
- --dport port:port
For example, block all incoming SSH access at port 22 for the source port range 513:65535:
iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP