caps_phisto 09-18-2006 09:25 AM

Blocking IP ranges to the Internet
Here is my scenario:

I have set up DHCP on a network with set ranges for valid IPs I want passed out. The range is

I have noticed that there are certain people on this network (the network is for Internet access) that have statically given themselves IP addresses outside my predefined ranges.

I would like to block them via IPTables so that they cannot get anywhere with their addresses.

Would the following command via IPTables work:

iptables -A INPUT -s 192.168.101/26 -j DROP
I think that line would drop any packets coming in from 192.168.101.[192-255]? Am I correct in assuming that?

Also what would be the rule to drop traffic from IPs below 75 (except my gateway which is on

Thanks in advance

caps_phisto 09-18-2006 10:19 AM

Found the answer; here is the correct IPTables syntax:

iptables -A INPUT -m iprange --src-range -j DROP
That would drop access from
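
Added example, not part of the original posts: a Python sketch that computes every address range in a subnet lying outside the DHCP pool (minus exempt hosts such as the gateway) and emits one iprange DROP rule per range. The subnet, pool bounds and gateway address below are constructed sample values, and the function names are hypothetical. The chain is a parameter because INPUT only matches packets addressed to the firewall itself, while traffic routed through it to the Internet traverses FORWARD.

```python
import ipaddress


def blocked_ranges(subnet, pool_first, pool_last, exempt=()):
    """Return (first, last) pairs covering every address in `subnet`
    that is neither inside the DHCP pool nor listed in `exempt`."""
    net = ipaddress.ip_network(subnet)
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last)
    if first not in net or last not in net or first > last:
        raise ValueError("DHCP pool must be a valid range inside the subnet")

    # Allowed intervals: the pool plus each exempt host, as integer pairs.
    allowed = [(int(first), int(last))]
    for host in exempt:
        ip = ipaddress.ip_address(host)
        if ip not in net:
            raise ValueError(f"exempt host {host} is outside {subnet}")
        allowed.append((int(ip), int(ip)))
    allowed.sort()

    # Sweep the subnet and collect the gaps between allowed intervals.
    gaps = []
    cursor = int(net.network_address)
    for lo, hi in allowed:
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= int(net.broadcast_address):
        gaps.append((cursor, int(net.broadcast_address)))
    return [(str(ipaddress.ip_address(a)), str(ipaddress.ip_address(b)))
            for a, b in gaps]


def iptables_rules(ranges, chain="INPUT"):
    """Render one iprange DROP rule per blocked range for the given chain."""
    return [f"iptables -A {chain} -m iprange --src-range {a}-{b} -j DROP"
            for a, b in ranges]


if __name__ == "__main__":
    # Constructed sample values (assumptions, not the poster's real layout).
    ranges = blocked_ranges("192.168.101.0/24", "192.168.101.75",
                            "192.168.101.191", exempt=["192.168.101.1"])
    for chain in ("INPUT", "FORWARD"):
        print("\n".join(iptables_rules(ranges, chain)))
```

Review the printed rules before applying them; an ACCEPT rule placed earlier in the same chain would let a statically addressed host through before these DROP rules are reached.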

