Blocking entire systems, especially in IPV4 space can be difficult because the IPV4 address space is allocated like a block of Swiss cheese. As jschiwal suggested you can try to block the whole IP range and sometimes a whois report will give you the range in question. For example, the IP you mentioned is in the allocated range 218.85.0.0 - 218.86.127.255. Unfortunately, this isn't the whole story as the provider has a lot more blocks to pick from. The next step is to get the AS, or autonomous system, number and from this you can get the list of IP addresses. This site can do that for you:
http://asn.cymru.com/ Using your example, we can see that the IP is in AS4134. Now the next step is to find the IP addresses allocated to this system. An
older post by unSpawn has a script to do this, and the website is still up, though the script may need to be tweaked a little bit. The script takes the page and hacks out the IP addresses and makes an IPTables filter from it. Here is a
link to the info for that AS. From, this we can see that there are an absolute boat load of IP addresses in this network. However, here is an interesting tidbit. That particular IP range has this notation:
Code:
218.86.0.0/17 4777 2516 4134 - Withdrawn - aggregated with 218.86.128.0/17 (4777 2516 4134)
Which says that the original allocation 218.86.0.0 has been replaced with 218.86.128.0/17. If we look up the list a little higher we see this:
Code:
218.84.0.0/14 4777 2516 4134 + Announce - aggregate of 218.84.0.0/15 (4777 2516 4134) and 218.86.0.0/15 (4777 2516 4134)
Which is a bigger aggregate block for this IP range of 218.84.0.0/14. Doing a CIDR mask mapping on this range shows that it runs from 218.84.0.0 to 218.87.255.255 which gives us less rules to put into IPTables. Of course there are a lot more for even this ISP.