
Re: Blocking sub-range of IP addresses



It would be useful to have something that would take
an IP address range and return the minimum coverage
CIDR for that block (for use in feeding to iptables).

For example, if I want to allow access for hosts
1.2.3.1 - 1.2.3.4, I currently can allow them
individually or just allow the entire /24. But is
there any easier way to allow ip ranges in iptables,
short of doing each individual IP or generalizing to a
class boundary? Can ipsc do this easily?

Thanks,
Josh

--- Douglas Blood <newsgroups@dblood.matraex.com> wrote:
> http://www.ralphb.net/IPSubnet/class_a.html
> That is a page I use whenever I need to do anything
> with subnets.
> It explains that the /27 subnet has 30 hosts.
> 
> So if you only wanted to block hosts X.Y.Z.23 - X.Y.Z.55 I would do
> everything under 64.. otherwise you get into defining multiple subnets so
> you would block X.Y.Z.64/27
> 
> 
> ----- Original Message -----
> From: "Bill" <bill07@shaw.ca>
> To: <debian-security@lists.debian.org>
> Sent: Tuesday, March 11, 2003 1:12 PM
> Subject: Blocking sub-range of IP addresses
> 
> 
> > Hello Debian,
> >
> > I want to block all IPs ending in 224 to 255 but not 220 and others
> > searching the net I found I need to add "/27" to end of the ip.
> > I understand /8 /16 /24 /32 somewhat but...
> >
> > My question:  what makes /27 significant
> > X.Y.Z.224 - X.Y.Z.255
> > deny from 63.148.99.224/27
> >
> > Thanks
> > P.s. for example, how would I block only X.Y.Z.23 - X.Y.Z.55 ???
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >
> 
> 
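
Added example, not part of the original thread: a Python sketch of the range-to-CIDR helper asked about above, splitting an inclusive IPv4 range into the smallest set of CIDR blocks and building one iptables rule per block. The function names and the 192.0.2.x addresses standing in for X.Y.Z are assumptions made for the illustration.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR blocks covering first..last inclusive."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # A block starting at lo can be no larger than lo's alignment
        # (its lowest set bit) and no larger than what is left of the range.
        align = lo & -lo if lo else 1 << 32
        remaining = hi - lo + 1
        size = min(align, 1 << (remaining.bit_length() - 1))
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((lo, prefix)))
        lo += size
    return blocks


def cidr_span(cidr):
    """Return (first, last) address of a CIDR block as strings."""
    net = ipaddress.IPv4Network(cidr)
    return str(net.network_address), str(net.broadcast_address)


def iptables_rules(first, last, target="ACCEPT", chain="INPUT"):
    """Build one iptables command line per CIDR block in the range."""
    return [f"iptables -A {chain} -s {net} -j {target}"
            for net in range_to_cidrs(first, last)]


if __name__ == "__main__":
    # Ranges from the thread; 192.0.2.x is a constructed stand-in for X.Y.Z.
    for first, last in [("1.2.3.1", "1.2.3.4"),
                        ("63.148.99.224", "63.148.99.255"),
                        ("192.0.2.23", "192.0.2.55")]:
        nets = range_to_cidrs(first, last)
        # Cross-check against the standard library's own summarizer.
        ref = list(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
        assert nets == ref
        print(f"{first} - {last}: {', '.join(map(str, nets))}")
    print(cidr_span("63.148.99.224/27"))
    print("\n".join(iptables_rules("1.2.3.1", "1.2.3.4")))
```

iptables also has an `iprange` match (`-m iprange --src-range 1.2.3.1-1.2.3.4`) that takes a range directly when splitting into CIDR blocks is not wanted.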


