Re: Help with ipchains and IP addresses


Subject: Re: Help with ipchains and IP addresses
From: mike cullerton (yellowdog@cullerton.com)
Date: Mon Feb 25 2002 - 17:39:06 MST


hey gawain,

 i don't know about ipchains, but here's a little about netmasks (which is
what the '/24' is)

/24 means that the first 24 bits (of 32) of the address refer to the
network and what's left (8 bits) refers to the host portion. 8 bits (or two
to the 8th) gives you 256 hosts (or 0 to 255 inclusive)

but, you can only define networks on 'zero' boundaries. so, you can break
the 256 into two 128's at 0 and 128 respectively like

 212.95.11.0/25
 212.95.11.128/25

or four 64's

 212.95.11.0/26
 212.95.11.64/26
 212.95.11.128/26
 212.95.11.192/26

and so on. likewise, you can go the other way

  212.95.10.0/23

gives you 212.95.10.0 thru 212.95.11.255

hope this helps,
mike

--On Monday, February 25, 2002 4:58 PM -0600 Gawain Reifsnyder
<gawain@guitar.net> wrote:

> I'm pretty new to ipchains and firewalls and I'm not familiar with the
> method ipchains uses to filter ip addresses... Here's an example of a
> filtering rule I've successfully set up:
>
> ipchains -A input -s 212.95.11.0/24 -p all -j DENY
>
> As I understand it, this filters the range of 212.95.11.0 through
> 212.95.11.255.
>
> Let's say I want to filter just the range of 212.95.11.36 to
> 212.95.11.152. How would I do this?
>
> Or, as a second example, what about a range in the second octet, like
> 212.95.11.xxx through 212.95.18.xxx?
>
> Thanks for your help!
>
> Gawain

 -- mike cullerton yellowdog at cullerton dot com
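
An added worked example, not part of the original thread: it applies the 'zero boundary' rule from the reply to the two ranges asked about in the quoted question, splitting each range into aligned CIDR blocks and rendering one DENY rule per block in the same form as the rule in the question. The function names `range_to_cidrs` and `deny_rules` are hypothetical, and reading "212.95.11.xxx through 212.95.18.xxx" as 212.95.11.0 through 212.95.18.255 is an assumption.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Split the inclusive range first..last into the fewest CIDR blocks.

    A block must start on a multiple of its own size (the 'zero boundary'
    rule), so at each step take the largest power-of-two block that is
    aligned at `lo` and does not run past `hi`.
    """
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address is above last address")
    blocks = []
    while lo <= hi:
        # Largest block size lo is aligned to (its lowest set bit).
        align = lo & -lo if lo else 1 << 32
        # Largest power of two that fits in what is left of the range.
        fit = 1 << ((hi - lo + 1).bit_length() - 1)
        size = min(align, fit)
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(f"{ipaddress.IPv4Address(lo)}/{prefix}")
        lo += size
    return blocks

def deny_rules(first, last):
    """One rule per block, in the form used in the quoted question."""
    return [f"ipchains -A input -s {cidr} -p all -j DENY"
            for cidr in range_to_cidrs(first, last)]

if __name__ == "__main__":
    # First range from the question.
    for rule in deny_rules("212.95.11.36", "212.95.11.152"):
        print(rule)
    # Second range from the question (assumed to mean .11.0 through .18.255).
    for rule in deny_rules("212.95.11.0", "212.95.18.255"):
        print(rule)
```

The first range needs seven rules because neither .36 nor .152 falls on a large boundary; the second needs four.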


