[clue-tech] Need a quick IPTABLES line

Jed S. Baer cluemail at jbaer.cotse.net
Thu Jun 12 22:55:36 MDT 2008


On Thu, 12 Jun 2008 22:38:25 -0600
John wrote:

> That's not a netmask, it's a way to specify the subnet.  I think you
> want to use 77.41.40.0/24.

Uh, okay. Hey, I'm not an IP guy. Anyways, I thought there was a thing
called a "subnet mask". Maybe I'll read something sometime -- after I
learn more about postfix. :)

Anyways, the result was:

$ sudo /sbin/iptables --list
Password:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  host-77-41-40-0.qwerty.ru/21  anywhere

BTW, one of our "friends" (inside joke, for the rest of you CLUEbies)
pointed me to http://www.subnet-calculator.com/ which I used to figure
out the subnet mask, but it'd be cool if there were an easy way to get
there from just knowing the range, without trying to think in
hexadecimal, which I used to be really good at, when I was working in
EBCDIC on the big iron.

Thanks.

> On Thu, Jun 12, 2008 at 10:04 PM, Jed S. Baer <cluemail at jbaer.cotse.net>
> wrote:
> 
> > Hi Folks.
> >
> > Trying to do some stopgap blocking. I'm not a network guru. Here's the
> > netblock I want to have just be ignored:
> >
> > inetnum:        77.41.40.0 - 77.41.47.255
> > netname:        NeoCentel-Home
> > descr:          BRAS E-320-31 DHCP-pool
> > descr:          Russian Central Telegraph, Moscow
> > country:        RU
> >
> > My approach is to do this:
> > iptables -t INPUT -A DROP -p all -s 77.41.41.253/255.255.248.0
> >
> > But I don't understand if that notation will cause the entire block
> > to be dropped. Input on the -s parameter, or verification that I have
> > it correct, or how to specify it so it works, much appreciated.
> >
> > jed
> > _______________________________________________
> > clue-tech mailing list
> > clue-tech at cluedenver.org
> > http://www.cluedenver.org/mailman/listinfo/clue-tech
> >
> 


-- 



More information about the clue-tech mailing list