Bill wrote:
Hello Debian, I want to block all ip's ending in 224 to 255 but not 220 and others searching the net I found I need to add "/27" to end of the ip. I understand /8 /16 /24 /32 somewhat but...My question: what makes /27 significant X.Y.Z.224 - X.Y.Z.255deny from 63.148.99.224/27 Thanks P.s. for example, how would I block only X.Y.Z.23 - X.Y.Z.55 ???
that is <network-address>/<bits-of-subnetmask>
for example if you have a class c network: x.y.z.0-x.y.z.255 you have
the following:
network-address: x.y.z.0
broadcast-address: x.y.z.255
host-addresses: x.y.z.1-254
subnet-mask: 255.255.255.0 - that is 11111111.11111111.11111111.00000000
- 24 ones.
taking your example from above:
x.y.z.224 - x.y.z.255: 255-224=31
that is 1111 (that are 4 bits and the subnet-mask you need is the
complement to the full 32 bits: 28 bits) => x.y.z.224/28
speaking of x.y.z.23 - x.y.z.55: there you have a problem because 23
is no network-address, you can do 16-32+32-64 ord 32-64:
x.y.z.16 - x.y.z.31: 31-16 = 15 => 111 => 3 bits: x.y.z.16/29
x.y.z.32 - x.y.z.63: 63-32 = 31 => 1111 => 4 bits: x.y.z.32/28
you can try google and "subnet calculator" and probably you will find
some helpful javascript or cgi-sites which calculate the numbers above.
regards
--
\\\ ||| /// _\=/_
( @ @ ) (o o)
+--------oOOo-(_)-oOOo--------------------------oOOo-(_)-oOOo------+
| Markus Schabel TGM - Die Schule der Technik www.tgm.ac.at |
| IT-Service A-1200 Wien, Wexstrasse 19-23 net.tgm.ac.at |
| markus.schabel@tgm.ac.at Tel.: +43(1)33126/316 |
| markus.schabel@members.fsf.org Fax.: +43(1)33126/154 |
| FSF Associate Member #597, Linux User #259595 (counter.li.org) |
| oOOo Yet Another Spam Trap: oOOo |
| ( ) oOOo yast@tgm.ac.at ( ) oOOo |
+--------\ (----( )--------------------------\ ( -----( )-----+
\_) ) / \_) ) /
(_/ (_/
Computers are like airconditioners:
They stop working properly if you open windows.