You are correct, I missed that. Good thing you read it better than I did. :D<br><br><div class="gmail_quote">On Thu, Jun 12, 2008 at 10:53 PM, David L. Willson <<a href="mailto:DLWillson@thegeek.nu">DLWillson@thegeek.nu</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">A 24-bit subnet won't work because the rule would only match and drop traffic from hosts<br>
with 40 in the third octet. It would miss the hosts with 41 through 47 in the third<br>
octet. The desired subnet length is 21 (all of the first two octets, and 5 bits of the<br>
3rd). That will drop traffic from the whole undesired subnet.<br>
<br>
<br>
On Thu, 12 Jun 2008 22:38:25 -0600, John wrote<br>
<div><div></div><div class="Wj3C7c">> That's not a netmask, it's a way to specify the subnet. I think you want to<br>
> use <a href="http://77.41.40.0/24" target="_blank">77.41.40.0/24</a>.<br>
><br>
> John<br>
><br>
> On Thu, Jun 12, 2008 at 10:04 PM, Jed S. Baer <<a href="mailto:cluemail@jbaer.cotse.net">cluemail@jbaer.cotse.net</a>><br>
> wrote:<br>
><br>
> > Hi Folks.<br>
> ><br>
> > Trying to do some stopgap blocking. I'm not a network guru. Here's the<br>
> > netblock I want to have just be ignored:<br>
> ><br>
> > inetnum: <a href="http://77.41.40.0" target="_blank">77.41.40.0</a> - <a href="http://77.41.47.255" target="_blank">77.41.47.255</a><br>
> > netname: NeoCentel-Home<br>
> > descr: BRAS E-320-31 DHCP-pool<br>
> > descr: Russian Central Telegraph, Moscow<br>
> > country: RU<br>
> ><br>
> > My approach is to do this:<br>
> > iptables -t INPUT -A DROP -p all -s <a href="http://77.41.41.253/255.255.248.0" target="_blank">77.41.41.253/255.255.248.0</a><br>
> ><br>
> > But I don't understand if that notation will cause the entire block to be<br>
> > dropped. Input on the -s parameter, or verification that I have it<br>
> > correct, or how to specify it so it works, much appreciated.<br>
> ><br>
> > jed<br>
> > _______________________________________________<br>
> > clue-tech mailing list<br>
> > <a href="mailto:clue-tech@cluedenver.org">clue-tech@cluedenver.org</a><br>
> > <a href="http://www.cluedenver.org/mailman/listinfo/clue-tech" target="_blank">http://www.cluedenver.org/mailman/listinfo/clue-tech</a><br>
> ><br>
<br>
<br>
</div></div><font color="#888888">-- David<br>
</font><div><div></div><div class="Wj3C7c"><br>
_______________________________________________<br>
clue-tech mailing list<br>
<a href="mailto:clue-tech@cluedenver.org">clue-tech@cluedenver.org</a><br>
<a href="http://www.cluedenver.org/mailman/listinfo/clue-tech" target="_blank">http://www.cluedenver.org/mailman/listinfo/clue-tech</a><br>
</div></div></blockquote></div><br>