Bill wrote:
Hello Debian, I want to block all ip's ending in 224 to 255 but not 220 and others searching the net I found I need to add "/27" to end of the ip. I understand /8 /16 /24 /32 somewhat but...My question: what makes /27 significant X.Y.Z.224 - X.Y.Z.255deny from 63.148.99.224/27 Thanks P.s. for example, how would I block only X.Y.Z.23 - X.Y.Z.55 ???
that is <network-address>/<bits-of-subnetmask> for example if you have a class c network: x.y.z.0-x.y.z.255 you have the following: network-address: x.y.z.0 broadcast-address: x.y.z.255 host-addresses: x.y.z.1-254 subnet-mask: 255.255.255.0 - that is 11111111.11111111.11111111.00000000 - 24 ones. taking your example from above: x.y.z.224 - x.y.z.255: 255-224=31 that is 1111 (that are 4 bits and the subnet-mask you need is the complement to the full 32 bits: 28 bits) => x.y.z.224/28 speaking of x.y.z.23 - x.y.z.55: there you have a problem because 23 is no network-address, you can do 16-32+32-64 ord 32-64: x.y.z.16 - x.y.z.31: 31-16 = 15 => 111 => 3 bits: x.y.z.16/29 x.y.z.32 - x.y.z.63: 63-32 = 31 => 1111 => 4 bits: x.y.z.32/28 you can try google and "subnet calculator" and probably you will find some helpful javascript or cgi-sites which calculate the numbers above. regards -- \\\ ||| /// _\=/_ ( @ @ ) (o o) +--------oOOo-(_)-oOOo--------------------------oOOo-(_)-oOOo------+ | Markus Schabel TGM - Die Schule der Technik www.tgm.ac.at | | IT-Service A-1200 Wien, Wexstrasse 19-23 net.tgm.ac.at | | markus.schabel@tgm.ac.at Tel.: +43(1)33126/316 | | markus.schabel@members.fsf.org Fax.: +43(1)33126/154 | | FSF Associate Member #597, Linux User #259595 (counter.li.org) | | oOOo Yet Another Spam Trap: oOOo | | ( ) oOOo yast@tgm.ac.at ( ) oOOo | +--------\ (----( )--------------------------\ ( -----( )-----+ \_) ) / \_) ) / (_/ (_/ Computers are like airconditioners: They stop working properly if you open windows.