I am trying to set up this rule :
iptables -A INPUT -i eth1 -p tcp -s ! 10.111.11.0/24 --dport ssh --syn -m state --state NEW -j ACCEPT
but it doesnt work. When i change place of !
iptables -A INPUT -i eth1 -p tcp ! -s 10.111.11.0/24 --dport ssh --syn -m state --state NEW -j ACCEPT
its ok but i am not sure is it working correctly. In every tut on net “!” is between -s and ip not in front of it.
Your second example is correct.
The first example is an old and deprecated way of writing such rules; current versions of iptables will print a warning, or refuse the rule entirely, if you use it.
Old tutorials on the Internet, of course, have old information.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.