Re: Help with ipchains and IP addresses

Subject: Re: Help with ipchains and IP addresses
From: Keary Suska (hierophant@pcisys.net)
Date: Mon Feb 25 2002 - 19:16:06 MST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Robert Serphillips: "two problems"
• Previous message: Pietro: "Connection timed out with yup"
• In reply to: Gawain Reifsnyder: "Help with ipchains and IP addresses"
• Reply: Keary Suska: "Re: Help with ipchains and IP addresses"

on 2/25/02 3:58 PM, gawain@guitar.net purportedly said:

> Let's say I want to filter just the range of 212.95.11.36 to
> 212.95.11.152. How would I do this?

You can't, at least not with a single chain "link". As was previously
indicated, you can only specify a range where the first X bits of the
address are the same. hence /24 means that the first 24 bits (or 3 bytes)
are the same (a Class C adddress). Also, network addresses must be a power
of 2. So:
    212.95.11.32/27 => 212.95.11.32 through 212.95.11.63
    212.95.11.64/26 => 212.95.11.64 through 212.95.11.127
    212.95.11.128/25 => 212.95.11.128 through 212.95.11.255

As you can see, you will need multiple entries to get the range you want.

> Or, as a second example, what about a range in the second octet, like
> 212.95.11.xxx through 212.95.18.xxx?

Same deal, but your range is much larger and harder to narrow on the last
octets.

    212.95.8.0/21 => 212.95.8.0 through 212.95.15.255

Keary Suska
Esoteritech, Inc.
"Leveraging Open Source for a better Internet"

• Next message: Robert Serphillips: "two problems"
• Previous message: Pietro: "Connection timed out with yup"
• In reply to: Gawain Reifsnyder: "Help with ipchains and IP addresses"
• Reply: Keary Suska: "Re: Help with ipchains and IP addresses"

This archive was generated by hypermail 2a24 : Mon Feb 25 2002 - 19:31:01 MST