Are UFW IP groups possible?

Asked Jul 01 '19 at 19:49

Active Jul 02 '19 at 12:01

Viewed 3,506 times

I have a giant list of IP addresses I need to manage incoming access for. They are also constantly changing.

Is there a way to create a group of IP addresses/ranges for a firewall rule?

That way, when a rule needs to change/add/delete for that group, I can just change the rule, and not have to type in the whole group?

Something analog to:

ufw allow in from IP_GROUP_1 port 443

If not, any tips you have on this are valued.

Thanks!

EDIT: answers for IPTABLES and not UFW are fine.

edited Jul 02 '19 at 12:01

asked Jul 01 '19 at 19:49

Chemdream

There are a couple of ways to do what you want with iptables, but I don't know about ufw. I didn't write an answer because you specifically mention UFW. For iptables, probably using ipset would be the easiest. – Doug Smythies Jul 01 '19 at 21:39
I would be totally fine with an answer for iptables. – Chemdream Jul 02 '19 at 12:01
you mean like this: sudo ufw allow proto tcp from 192.168.1.16/28 to 192.168.1.48 port 80 ? – Rinzwind Jul 02 '19 at 12:04
Have a look at the ipset answer here. I do it a little different and not via a cron job. – Doug Smythies Jul 02 '19 at 15:21
Rinzwind that's not really what I'm looking for because we have many subnets and random IPs. not just ranges. – Chemdream Jul 02 '19 at 15:30

0 Answers0