Operating System - Linux
1828371 Members
2848 Online
109976 Solutions
New Discussion

how about the syntax of continous IP defined in ipchanis( -s -d)

 

how about the syntax of continous IP defined in ipchanis( -s -d)

i want to block some ip with continues address, however i do not know how about the syntax,
for exampels
-d 192.168.0.1-192.168.0.100,
it is wrong

thanks for your tips,
frederick
frederick
3 REPLIES 3
U.SivaKumar_2
Honored Contributor

Re: how about the syntax of continous IP defined in ipchanis( -s -d)

Hi,
it is wrong.
IPchains allow specification of a group of IP addresses, such as `199.95.207.0/24' or `199.95.207.0/255.255.255.0'. These both specify any IP address from 199.95.207.0 to 199.95.207.255 inclusive; the digits after the `/' tell which parts of the IP address are significant. `/32' or `/255.255.255.255' is the default (match all of the IP address). To specify any IP address at all `/0' can be used.

regards,
U.SivaKumar
Innovations are made when conventions are broken
Hal Rottenberg
Frequent Advisor

Re: how about the syntax of continous IP defined in ipchanis( -s -d)

They call these subnet masks. You can find a calculator here:

http://www.telusplanet.net/public/sparkman/netcalc.htm

For example to include 192.168.0.1-192.168.0.127 you would use this in ipchains: 192.168.0.1/25

You will want to research tcp/ip subnet masking to learn more.
If at first you don't succeed, then skydiving isn't for you.
Mark Fenton
Esteemed Contributor

Re: how about the syntax of continous IP defined in ipchanis( -s -d)

Picking up on the previous posts,
to deny traffic on eth0 originating from the first 128 ip addresses in your subnet

ipchains -A (your chain here) -i eth0 -s 192.168.0.0/25 -j DENY

hth
Mark