[clue-tech] Need a quick IPTABLES line

David L. Willson DLWillson at TheGeek.NU
Thu Jun 12 22:53:45 MDT 2008


A 24-bit subnet won't work because the rule would only match and drop traffic from hosts
with 40 in the third octet.  It would miss the hosts with 41 through 47 in the third
octet.  The desired subnet length is 21 (all of the first two octets, and 5 bits of the
3rd).  That will drop traffic from the whole undesired subnet.


On Thu, 12 Jun 2008 22:38:25 -0600, John wrote
> That's not a netmask, it's a way to specify the subnet.  I think you want to
> use 77.41.40.0/24.
> 
> John
> 
> On Thu, Jun 12, 2008 at 10:04 PM, Jed S. Baer <cluemail at jbaer.cotse.net>
> wrote:
> 
> > Hi Folks.
> >
> > Trying to do some stopgap blocking. I'm not a network guru. Here's the
> > netblock I want to have just be ignored:
> >
> > inetnum:        77.41.40.0 - 77.41.47.255
> > netname:        NeoCentel-Home
> > descr:          BRAS E-320-31 DHCP-pool
> > descr:          Russian Central Telegraph, Moscow
> > country:        RU
> >
> > My approach is to do this:
> > iptables -t INPUT -A DROP -p all -s 77.41.41.253/255.255.248.0
> >
> > But I don't understand if that notation will cause the entire block to be
> > dropped. Input on the -s parameter, or verification that I have it
> > correct, or how to specify it so it works, much appreciated.
> >
> > jed


-- David
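
Added example (not part of any message in this thread): a POSIX sh sketch that derives the covering CIDR block from the whois inetnum range quoted above and compares what a /24 and a /21 source match actually cover. The helper names and the four sample addresses are constructed for illustration; the final line only prints the resulting rule in standard iptables syntax.

```shell
#!/bin/sh
# Dotted quad -> 32-bit integer (subshell body keeps the IFS change local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Smallest single CIDR block containing both ends of a range.
# If the range is not aligned on a power-of-two boundary, the block
# returned is larger than the range; for the range in this thread it is exact.
range_to_cidr() (
    start=$(ip2int "$1"); end=$(ip2int "$2")
    diff=$(( start ^ end )); host_bits=0
    while [ "$diff" -gt 0 ]; do
        diff=$(( diff >> 1 )); host_bits=$(( host_bits + 1 ))
    done
    mask=$(( (4294967295 << host_bits) & 4294967295 ))
    echo "$(int2ip $(( start & mask )))/$(( 32 - host_bits ))"
)

# Succeeds if CIDR block $1 contains address $2.
cidr_contains() (
    net=$(ip2int "${1%/*}"); len=${1#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip2int "$2") & mask )) -eq $(( net & mask )) ]
)

# Range taken from the whois output in the thread.
cidr=$(range_to_cidr 77.41.40.0 77.41.47.255)

# Constructed sample addresses: three inside the range, one just past it.
for ip in 77.41.40.1 77.41.41.253 77.41.47.255 77.41.48.0; do
    for net in 77.41.40.0/24 "$cidr"; do
        if cidr_contains "$net" "$ip"; then r=match; else r=miss; fi
        echo "$ip vs $net: $r"
    done
done

# Print (do not run) the rule for the derived block.
echo "iptables -A INPUT -s $cidr -j DROP"
```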


