[clue-tech] Need a quick IPTABLES line
Jed S. Baer
cluemail at jbaer.cotse.net
Thu Jun 12 22:36:57 MDT 2008
On Thu, 12 Jun 2008 22:04:39 -0600
Jed S. Baer wrote:
> Hi Folks.
>
> Trying to do some stopgap blocking. I'm not a network guru. Here's the
> netblock I want to have just be ignored:
>
> inetnum: 77.41.40.0 - 77.41.47.255
> netname: NeoCentel-Home
> descr: BRAS E-320-31 DHCP-pool
> descr: Russian Central Telegraph, Moscow
> country: RU
>
> My approach is to do this:
> iptables -t INPUT -A DROP -p all -s 77.41.41.253/255.255.248.0
>
> But I don't understand if that notation will cause the entire block to
> be dropped. Input on the -s parameter, or verification that I have it
> correct, or how to specify it so it works, much appreciated.
Just for correctness, the actual command is:
iptables -A INPUT -p all -s 77.41.40.000/255.255.248.0 -j DROP
Defaults to the FILTER table, and DROP is a target, not the name of the
chain where the rule goes. And now looks like this:
$ sudo /sbin/iptables --list
Password:
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- host-77-41-40-0.qwerty.ru/21 anywhere
which I hope is what I want.
jed
More information about the clue-tech
mailing list