资 源 简 介
iprestrict
This application is intended to block any inbound traffic on an interface if it matches certain rules.
Rule types:
* single ip in dotted decimal format;
* subnet in `netaddress/mask` format where mask is less than 32;
* range specifed as doted decimal `startip-stopip` where `startip < stopip`;
* `all` which denotes any ip;
Rule syntax:
{allow | deny} {ip | subnet / | range - | all}
Comments start with a #(pound) sign.
By default, if no rule is matched then "deny all" is applied. If a permisive behaviour is wanted then all you have to do is to put "allow all" at the end of the configuration file.
The blocking is done based on source ip address by colliding on a subinterface, so the
