
I have a Linux server behind an internet router which forwards port 22 to the Linux server. The router has no possibility to restrict the port forwarding to certain IP addresses (e.g. 1.2.3.4/32), so I need to enforce this restriction at the Linux server. Furthermore I want to allow all traffic from the current LAN but without specifying the LAN by CIDR (e.g. 192.168.0.0/24), since this can change frequently and the eth0 interface gets its network configuration via DHCP.

What I want to achieve with iptables is this:

  1. allow from 1.2.3.4/32 to port 22
  2. allow from $LAN
  3. drop anything else

I can't find a solution to address the current LAN in an iptables rule without knowing the actual IP range. Does iptables offer any functionality for this?

Adrian

0 Answers
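The three-rule policy described in the question, as an added worked example that is not part of the original post and is not an answer posted by anyone on this page. iptables itself has no "whatever subnet eth0 currently has" match; the usual way around that is to derive the LAN's CIDR from the interface's current address at the moment it changes and regenerate the rules from a DHCP client hook. Assumptions here: the interface is eth0 (overridable via `IFACE`), the admin host is 1.2.3.4/32 (overridable via `ADMIN_HOST`), the chain name `lanacl` is chosen for this example, and the router performs plain DNAT so forwarded SSH connections arrive on eth0 with the remote host's public source address rather than a LAN address. Two rules beyond the three listed in the question are included, loopback and ESTABLISHED,RELATED, because a trailing DROP without them also kills replies to the server's own outbound connections.

```shell
#!/bin/sh
# Example (not from the original post): regenerate an iptables INPUT policy
# that allows SSH from one fixed host, allows everything from the subnet eth0
# currently holds, and drops the rest. Re-run from a DHCP hook so the LAN rule
# follows the lease instead of a hard-coded CIDR.

IFACE="${IFACE:-eth0}"              # assumed interface name
ADMIN_HOST="${ADMIN_HOST:-1.2.3.4/32}"  # assumed remote admin host

# Reduce "a.b.c.d/len" to its network address "x.y.z.w/len" with POSIX sh
# arithmetic only, so the emitted rule describes the subnet, not this host.
cidr_network() {
    case "$1" in */*) _cidr=$1 ;; *) _cidr="$1/32" ;; esac
    _ip="${_cidr%/*}"; _len="${_cidr#*/}"
    _oifs=$IFS; IFS=.; set -- $_ip; IFS=$_oifs
    _addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    _mask=$(( (4294967295 << (32 - _len)) & 4294967295 ))
    _net=$(( _addr & _mask ))
    printf '%d.%d.%d.%d/%d\n' \
        $(( (_net >> 24) & 255 )) $(( (_net >> 16) & 255 )) \
        $(( (_net >> 8) & 255 ))  $(( _net & 255 )) "$_len"
}

# First global IPv4 address on the interface, in "a.b.c.d/len" form.
# Field 4 of `ip -o -4 addr show` is the address; exit after the first hit.
current_lan_cidr() {
    ip -o -4 addr show dev "$IFACE" scope global \
        | awk '$3 == "inet" { print $4; exit }'
}

# Print the rule set for a given LAN CIDR. The private chain is flushed and
# refilled on every run; INPUT gets a single jump to it, added only once.
emit_rules() {
    _lan=$1
    cat <<EOF
iptables -N lanacl 2>/dev/null || true
iptables -F lanacl
iptables -A lanacl -i lo -j ACCEPT
iptables -A lanacl -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A lanacl -p tcp --dport 22 -s $ADMIN_HOST -j ACCEPT
iptables -A lanacl -s $_lan -j ACCEPT
iptables -A lanacl -j DROP
iptables -C INPUT -j lanacl 2>/dev/null || iptables -I INPUT 1 -j lanacl
EOF
}

case "${1:-}" in
    show)  emit_rules "$(cidr_network "$(current_lan_cidr)")" ;;
    apply) emit_rules "$(cidr_network "$(current_lan_cidr)")" | sh ;;
    *)     echo "usage: $0 show|apply" >&2 ;;
esac
```

Run `sh lanacl.sh show` to review the generated commands and `sh lanacl.sh apply` (as root) to load them; on a Debian-style dhclient, a file in /etc/dhcp/dhclient-exit-hooks.d/ that calls `apply` when `$reason` is BOUND, RENEW, REBIND or REBOOT and `$interface` equals eth0 keeps the LAN rule current after each lease change (the hook directory and variables are as used by dhclient-script there, other DHCP clients have their own hook mechanism). Two caveats worth checking before relying on this: if the router rewrites the source address of forwarded connections to its own LAN address (some do, as part of NAT loopback or a masquerading mode), every forwarded SSH connection would match the LAN rule, which you can verify by opening a session from outside and looking at the source shown by `ss -tn` or `who`; and the script covers IPv4 only, so if the router also forwards IPv6 an equivalent ip6tables policy is needed.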