Advanced ip range blockage with iptables

chibi · 04-10-2006, 10:27 PM

Hello,

Up until now I have been just fine with blocking single ips and ip ranges such as 151.203.0.0/16 .

I have a new challenge and I can't seem to figure it out. I have a server crasher who instead of having the first 2 subnets (I believe they are called subnets(subnet.subnet.subnet.subnet?)) static while the last two are dynamic, only his very first subnet is static and the last 3 are dynamic.

I don't really wanna have to block out all the people beginning with their first subnet (58), but I have determined the ip range their ISP is allowed to use.

58.160.0.0 - 58.175.255.255

So what I need to do is block the above range specifically, and I do not really know how to do that. If someone could please help me out I would appreciate it. So far I've always just used this format:

iptables -A INPUT -s 58.160.0.0/16 -j DROP But if I started with 58.160.0.0/16 how would it know to stop at 58.175.0.0/16 ??

Thank you so much !

-Chi

Capt_Caveman · 04-10-2006, 10:58 PM

58.160.0.0-58.175.255.255 == 58.160.0.0/12

http://www.subnet-calculator.com/cidr.php

chibi · 04-11-2006, 01:06 AM

Awesome, thank you! That subnet calculator is very handy I extremly appreciate it.

I had this "network" calculator but it doesn't do what the one you gave me does. I was thinking I had to do some extra work to the iptables command, but I guess it would make more sense that it could be represented numerically.

Thanks again