I just checked the ip6tables
man page on CentOS 6 and Debian 7 and they both include iprange
:
iprange
This matches on a given arbitrary range of IP addresses.
[!] --src-range from[-to]
Match source IP in the specified range.
[!] --dst-range from[-to]
Match destination IP in the specified range.
The man page for iptables-extensions
on ArchLinux also indicates that iprange
should exist.
A quick test on a CentOS 6 box shows that it does work:
www1 $ sudo ip6tables -A OUTPUT -p tcp --dport ssh -m iprange --dst-range 2001:db8::1-2001:db8::ff -j LOG
[sudo] password for fukawi2:
www1 $ sudo ip6tables -nvL OUTPUT
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG tcp * * ::/0 ::/0 tcp dpt:22 destination IP range 2001:db8::1-2001:db8::ff LOG flags 0 level 4
Have you looked at your actual man page instead of an online one?