Iptables: Invert IP, Protocol, Or Interface Test With !

Accept port 22 traffic on all interfaces except for eth1 which is connected to the Internet:

iptables -A INPUT ! -i eth1 -p tcp --dport 22 -j ACCEPT

Recommended readings:

man iptables

6 comments
  • Zdenek Styblik January 29, 2010, 8:04 pm

    Recently, iptables changed syntax in favor of prefixing, so:
    iptables -A INPUT ! -s 192.168.1.0/24; << correct
    iptables -A INPUT -s ! 192.168.1.0/24; << also correct, but iptables warns you this is a deprecated way to do it, so it's a question of how long it is going to work.
    This prefixing applies to everything, not just source IP address.

  • nixCraft January 30, 2010, 9:06 am

    Zdenek,

    You may be right about syntax but most of our systems are running on RHEL 4/5 or CentOS 4/5 and it is not updated by Red Hat. I guess RHEL 6 will come with the latest version.

  • Zdenek Styblik February 2, 2010, 5:04 pm

    Ok, sorry for the post then.

  • Bryan May 5, 2013, 2:11 pm

    Wouldn’t you know it? It’s now three years and some days later and now only the prefix ! version of syntax works (squid3). :-P

  • Mr. IP June 20, 2015, 1:07 pm

    Now it’s 2015

    iptables -A MYCHAIN -i !eth1 -s 10.126.24.0/24 -j DROP; iptables -L MYCHAIN -n -v

    yields:

        0     0 DROP       all  --  !eth1  *       10.126.24.0/24       0.0.0.0/0

    no errors but it doesn’t work

    iptables -A MYCHAIN ! -i eth1 -s 10.126.24.0/24 -j DROP; iptables -L MYCHAIN -n -v

    also yields:

        0     0 DROP       all  --  !eth1  *       10.126.24.0/24       0.0.0.0/0

    but this time it works!

    This is a very bitchy pitfall, take care. Only if you do iptables -L -n -vv with double v, you’ll be able to see the difference between “-i !eth1” and “! -i eth1”.

  • Darius October 9, 2015, 2:54 pm

    iptables -A INPUT -m set --set ! geoblock src -j DROP
    Using intrapositioned negation (`--option ! this`) is deprecated in favor of extrapositioned (`! --option this`).

    Somebody have any idea what I’m doing wrong here?
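
The three placements of ! discussed above, as an added example that is not part of the original post or its comments: a shell helper that rewrites "-i !eth1" and "-s ! 192.168.1.0/24" into the prefixed form and flags rule lines in a firewall script that still use the older placements. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): rewrite iptables negation into
# the prefixed form "! --option value" and flag lines that do not use it.
# Limitation: tokens are split on whitespace, so quoted arguments containing
# spaces (for example a --comment string) are not handled.

normalize_rule() {
    awk '{
        out = ""
        for (i = 1; i <= NF; i++) {
            tok = $i; nxt = $(i + 1)
            if (tok ~ /^-/ && nxt == "!" && i + 2 <= NF) {
                # after the option: "-s ! 10.0.0.0/8" -> "! -s 10.0.0.0/8"
                out = out " ! " tok " " $(i + 2); i += 2
            } else if (tok ~ /^-/ && nxt ~ /^!./) {
                # glued to the value: "-i !eth1" -> "! -i eth1"
                out = out " ! " tok " " substr(nxt, 2); i += 1
            } else {
                out = out " " tok
            }
        }
        print substr(out, 2)
    }'
}

# Report every line whose negation is not already prefixed.
# Returns 1 if any line was flagged, 0 if the input was clean.
lint_rules() {
    n=0; flagged=0
    while IFS= read -r line; do
        n=$((n + 1))
        squeezed=$(printf '%s\n' "$line" | awk '{ $1 = $1; print }')
        fixed=$(printf '%s\n' "$line" | normalize_rule)
        if [ "$fixed" != "$squeezed" ]; then
            printf 'line %d: %s\n  use: %s\n' "$n" "$squeezed" "$fixed"
            flagged=1
        fi
    done
    return "$flagged"
}

# Constructed sample input using the three forms discussed on this page.
sample_rules() {
    cat <<'EOF'
iptables -A INPUT ! -i eth1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i !eth1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s ! 192.168.1.0/24 -j DROP
EOF
}

sample_rules | lint_rules || true
```

The non-zero return of lint_rules lets a deployment script refuse to load a rule file that still contains a glued or post-option !.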
