-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 24 May 2006 14:27:20 -0400 Ed Kim <ed.kim@xxxxxxxxxxx> wrote: > CodeHeads wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > On Wed, 24 May 2006 10:34:23 -0500 Bruno Wolff III <bruno@xxxxxxxx> wrote: > > > >> On Wed, May 24, 2006 at 10:46:39 -0400, > >> CodeHeads <codeheads@xxxxxxxxx> wrote: > >>> Ed, > >>> Thank you, That what I was looking for to verify what I have learned so > >>> far. > >>> > >>> Question on entering IP address in IPTables, say I want to add a range to > >>> block the whole ip range of 10.0.0.0 (example of course) > >>> Can I do this: > >>> $iptables -A FORWARD -p tcp -s 10. -i eth0 -j DROP > >>> OR > >>> $iptables -A FORWARD -p tcp -s 10.* -i eth0 -j DROP > >> Either > >> $iptables -A FORWARD -p tcp -s 10.0.0.0/8 -i eth0 -j DROP > >> or > >> $iptables -A FORWARD -p tcp -s 10.0.0.0/255.0.0.0 -i eth0 -j DROP > >> will work. > > > > Thank you Bruno. Just wanted to verify about the wild cards. > > > > Sorry for all the questions, IP's confuse me a bit. :) LOL > > Say if I have a range of 222.96.0.0 - 222.122.255.255 > > Is there a calculator that will tell me the netmask?? > > > > Will > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.3 (GNU/Linux) > > > > iD8DBQFEdIKLfw3TK8jhZrsRAg9PAKDKEOBc+B6hV98Yk14O7pt55+YlJwCg4f1o > > 3HgXuIWAXRXipVlCR7AR4c0= > > =zm19 > > -----END PGP SIGNATURE----- > > > > Just a few things... > you are appending to the FORWARD chain in the above example... I'm > guessing that this is correct and the webserver is NAT'd? otherwise > you'd want to edit the INPUT chain. > > I also use netmasks, but there is the capability to modify ranges as > follows.. > > iptables -A FORWARD -m iprange --src-range 222.96.0.0-222.122.255.255 -j > DROP > (syntax may not be correct, see man iptables) Thanks Kim, I will check that out. :) Will -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEdKpHfw3TK8jhZrsRAi0nAJ9ZjWYcXv6eaSS9czAJ55LBVL/HOgCgjGmX o19+0jbZRt9fNkZNu3WnTgg= =3cvF -----END PGP SIGNATURE----- -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list