In iptables, you can specify multiple IP addresses by using the ‘–ipset’ option in conjunction with an IP set. An IP set is a database that holds a collection of IP addresses or CIDR networks and is implemented as a kernel module in Linux.
Here’s an example of how you can specify multiple IP addresses in iptables source or destination:
- Install the iptables-ipset package:
sudo apt-get install iptables-ipset
- Create an IP set:
sudo ipset create myips hash:net
- Add IP addresses to the IP set:
sudo ipset add myips 192.168.1.100
sudo ipset add myips 192.168.1.101
sudo ipset add myips 192.168.1.102
- Create an iptables rule that uses the IP set:
sudo iptables -A INPUT -m set --match-set myips src -j DROP
The above rule will drop incoming packets from the IP addresses specified in the ‘myips’ IP set.
You can also specify multiple IP addresses directly in iptables by using multiple -s or -d options. For example:
sudo iptables -A INPUT -s 192.168.1.100 -s 192.168.1.101 -j DROP
This will drop incoming packets from IP addresses 192.168.1.100 and 192.168.1.101.