Use the CIDR notation: 172.16.0.0/12 ex.: iptables -A INPUT -p tcp -s 172.16.0.0/12 -d $INET_IP -i ppp0 -j SPOOFED > From: Bewerbungsadresse@xxxxxx [mailto:bewerbungsadresse@xxxxxx] > Sent: Wednesday, November 05, 2003 6:21 PM > is it possible to prevent spoofing attacks to > 172.16.0.0-172.31.255.255 > on the external internet IP in one rule? > > something like that > > iptables -A INPUT -p tcp -s 172.16.0.0/255.31.0.0 -d $INET_IP > -i ppp0 -j > SPOOFED This was wrong, as the netmask should have been 255.240.0.0; the former netmask was invalid.
