
Re: Blocking sub-range of IP addresses



On Tue, 11 Mar 2003, Bill wrote:

> I want to block all ip's ending in 224 to 255 but not 220 and others
> searching the net I found I need to add "/27" to end of the ip.
> I understand /8 /16 /24 /32 somewhat but...

All the numbers after a / define a subnet. For example a /24 subnet
contains 256 addresses of which 254 are usable (one for broadcast and one
for network). Every time you increment the number (for example /25) you
halve the size of the subnet, hence a /25 subnet has 128 addresses of
which 126 are usable. If you want to read more I found Rusty's networking
concepts HOWTO a nice way to break people in
http://www.netfilter.org/unreliable-guides/networking-concepts-HOWTO/index.html


> My question:  what makes /27 significant
> X.Y.Z.224 - X.Y.Z.255
> deny from 63.148.99.224/27
>
> Thanks
> P.s. for example, how would I block only X.Y.Z.23 - X.Y.Z.55 ???

If you want to block a specific subnet there are ipcalc scripts out
there that will calculate the IPs in a block for you. If you are
unsure of the size of the network segment you just play with the netmask
until the addresses come out the way you want them.


Nikolai
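
Worked example added to this archive page (not part of the original message or of any ipcalc script): it splits an arbitrary address range into the fewest CIDR blocks, which shows why 224-255 is a single /27 while 23-55 needs several "deny from" lines. The function names are hypothetical, and 192.0.2.x is a constructed documentation address standing in for X.Y.Z.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Cover the inclusive IPv4 range first..last with the fewest CIDR blocks."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address is above last address")
    blocks = []
    while lo <= hi:
        # A block of 2**n addresses must start on a multiple of 2**n, so the
        # number of trailing zero bits in lo caps the block size (alignment).
        align = (lo & -lo).bit_length() - 1 if lo else 32
        # The block must also not run past hi: largest power of two that
        # fits in the addresses still to be covered.
        fit = (hi - lo + 1).bit_length() - 1
        host_bits = min(align, fit)
        blocks.append(f"{ipaddress.IPv4Address(lo)}/{32 - host_bits}")
        lo += 1 << host_bits
    return blocks


def deny_lines(first, last):
    """Render the blocks in the 'deny from' form used in the question."""
    return [f"deny from {cidr}" for cidr in range_to_cidrs(first, last)]


if __name__ == "__main__":
    # 224 is a multiple of 32 and the range holds exactly 32 addresses,
    # so one /27 (32 - 5 host bits) covers it.
    print("\n".join(deny_lines("63.148.99.224", "63.148.99.255")))
    # 23 is odd, so it can only start a /32; the rest is covered by the
    # largest aligned blocks that fit.
    print("\n".join(deny_lines("192.0.2.23", "192.0.2.55")))
```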


