LinuxQuestions.org
Old 11-23-2005, 02:37 AM   #1
chibi
Member
 
Registered: Aug 2004
Location: Canada
Distribution: Archlabs
Posts: 65

Rep: Reputation: 15
iptables - dropping an ip *range*


Hello!

Just today I have required the use of IPTABLES and with Google I found an excellent site (http://www.justlinux.com/nhf/Securit...es_Basics.html) that was very straightforward and understandable.

I have a problem now though because the IP I wish to drop is not static. However, it is always 151.203.*.* and so I would like to add that as a rule.

Although... the tutorial I learned from seems to hint that using * is not acceptable. This is what it says:

"If you wanted to specify a range of IP's, you could use 200.200.200.0/24. This would specify any IP that matched 200.200.200.*."

Does this mean I could use 151.203.0/24.0/24 to get the results I wanted? I have just become quite confused because the 0/24 looks very foreign to me and I cannot comprehend the explanation behind the syntax and the value of the integer.

I guess I just really wanna understand why and make sure I am going to be doing it right.


Thank you so much for your help, it is greatly appreciated.

-Chi

Last edited by chibi; 11-23-2005 at 02:38 AM.
 
Old 11-23-2005, 05:03 AM   #2
lurker79
Member
 
Registered: Jan 2005
Location: UK
Posts: 55

Rep: Reputation: 16
If you are wanting to block 151.203.*.* you can use 151.203.0.0/16
 
Old 11-23-2005, 12:36 PM   #3
chibi
Member
 
Registered: Aug 2004
Location: Canada
Distribution: Archlabs
Posts: 65

Original Poster
Rep: Reputation: 15
Alright, thanks for the reply.

I will give that a try and I guess look for stuff on subnetting or whatever it's called.

-Chi
 
Old 11-23-2005, 12:59 PM   #4
chibi
Member
 
Registered: Aug 2004
Location: Canada
Distribution: Archlabs
Posts: 65

Original Poster
Rep: Reputation: 15
Actually I have another question to add...

iptables aside, if I were to be choosing to block an IP range..

would selecting 151.203.0.0 with a subnet of 255.255.0.0 be the same as the 151.203.0.0/16 ??

or is this more of a network question, maybe I should ask it there

Thanks again..

-Chi
 
Old 12-15-2005, 03:52 AM   #5
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Quote:
Originally Posted by chibi
Actually I have another question to add...

iptables aside, if I were to be choosing to block an IP range..

would selecting 151.203.0.0 with a subnet of 255.255.0.0 be the same as the 151.203.0.0/16 ??

or is this more of a network question, maybe I should ask it there

Thanks again..

-Chi

Yes, 151.203.0.0/255.255.0.0 and 151.203.0.0/16 are both the same; I'm pretty sure iptables will accept either.
 
Old 12-15-2005, 04:50 PM   #6
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
chibi:
The form "151.203.0.0/16" is called CIDR notation.

See:
http://wiki.linuxquestions.org/wiki/CIDR_notation
 
Old 12-17-2005, 08:22 PM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
here's another link you might wanna look at to understand the subnetting concept a little better: http://en.wikipedia.org/wiki/Subnetwork

BTW, there's also a patch you can use if you want to be able to specify actual ip ranges (instead of just subnets)... this is useful for situations in which matching an entire subnet is not an option... a rule might look like, for example:
Code:
iptables -A INPUT -m iprange --src-range \
151.203.100.114-151.204.101.243 -j DROP
just my $0.02...
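
The three notations discussed in this thread (CIDR prefix, dotted netmask, and an explicit start-end range) can be checked against sample addresses before a DROP rule is loaded. The following is an added example, not part of any post above; the helper names `ip_to_int`, `mask_to_prefix`, `in_cidr` and `in_range` are hypothetical, and nothing in it touches the firewall.

```shell
#!/bin/sh
# Added example: POSIX sh helpers to test what a source match would cover.
# Function bodies use ( ) so their variables stay local to a subshell.

# Dotted quad -> 32-bit integer.
ip_to_int() (
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Dotted netmask -> prefix length (255.255.0.0 -> 16).
# Returns non-zero for a mask whose 1 bits are not contiguous.
mask_to_prefix() (
    m=$(ip_to_int "$1")
    bits=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        bits=$(( bits + 1 ))
        m=$(( (m << 1) & 0xFFFFFFFF ))
    done
    [ "$m" -eq 0 ] && echo "$bits"
)

# Is address $1 inside network $2? $2 may be net/len or net/dotted-mask,
# the two forms asked about in post #4.
in_cidr() (
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    len=${2#*/}
    case $len in
        *.*) len=$(mask_to_prefix "$len") || exit 2 ;;
    esac
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# Is address $1 inside the inclusive range "start-end" (the form that
# the iprange match in post #7 takes)?
in_range() (
    ip=$(ip_to_int "$1")
    lo=$(ip_to_int "${2%-*}")
    hi=$(ip_to_int "${2#*-}")
    [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]
)

# Constructed sample address: covered by /16, but not by /24.
in_cidr 151.203.200.9 151.203.0.0/16 && echo "151.203.200.9 matches /16"
in_cidr 151.203.200.9 151.203.0.0/24 || echo "151.203.200.9 misses /24"
```

The /24 result shows why the tutorial's 200.200.200.0/24 pattern does not carry over to 151.203.*.*: a /24 fixes the first three octets, while /16 fixes only the first two.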
 
  

