Re: Blocking a range of source IPs to a specific port

[James Harrison <jamesharrison@xxxxxxxxxxxxxxxxxxx>]

R. DuFresne wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Rob,
>
> Of course you are correct, I should have waited till I had time after 
> work to offer assistance here.  But the backend advise of using one of 
> the online IP calculators would be a good starting point for finding 
> the correctparams to pass to iptable.
>
> Thanks for the correction.
>
> Ron DuFresne
>
> On Mon, 1 Aug 2005, /dev/rob0 wrote:
>
> > R. DuFresne wrote:
> >
> > > > I'm trying to use iptables to block a range of source IP addresses, 
> > > > but I can't figure out how to specify ranges- i'm trying to block 
> > > > everything from 172.150-250.*.* on port 8676- can someone help me 
> > > > out with the rule for this?
> > >
> > >
> > > For part of the address space 172.128.0.0 - 172.191.255.255 you can 
> > > block on 172.128.0.0/10.  To get the full range, you might use one 
> > > of the online IP calculators to figger in the who shebang.
> >
> >
> > Unfortunately 172.128.0.0/10 includes some which is not of the space 
> > the OP listed. 172.128.0.0/9 could be used; that is 172.128.0.0 
> > through 172.255.255.255. The rule could be preceded by some -j RETURN 
> > rules with some creative use of user-defined chains.
> >
> > iptables -N No8676
> > iptables -A No8676 -s 172.128.0.0/12 -j RETURN
> > iptables -A No8676 -s 172.144.0.0/14 -j RETURN
> > iptables -A No8676 -s 172.148.0.0/15 -j RETURN
> > iptables -A No8676 -s 172.251.0.0/16 -j RETURN
> > iptables -A No8676 -s 172.252.0.0/14 -j RETURN
> > iptables -A No8676 -s 172.128.0.0/9 -j DROP
> >
> > Then, you jump to No8676 for -p $PROTO --dport 8676 from INPUT and/or 
> > FORWARD as may be required for what is wanted.
> >
> > As an alternative he could list each netblock positively:
> >
> > iptables -A No8676 -s 172.150.0.0/15 -j DROP
> > iptables -A No8676 -s 172.152.0.0/13 -j DROP
> > iptables -A No8676 -s 172.160.0.0/11 -j DROP
> > iptables -A No8676 -s 172.192.0.0/11 -j DROP
> > iptables -A No8676 -s 172.224.0.0/12 -j DROP
> > iptables -A No8676 -s 172.240.0.0/13 -j DROP
> > iptables -A No8676 -s 172.248.0.0/15 -j DROP
> > iptables -A No8676 -s 172.250.0.0/16 -j DROP
> >
> > That requires more rules.
> >
> > General understanding of TCP/IP and CIDR notation is useful in a case 
> > like this. I would refer the OP to one of the online calculators to 
> > which Ron referred: http://www.cotse.com/networkcalculator.html .
> >
> > Useful hint to those who might be planning out a network: keep your 
> > hosts in CIDR-addressable netblocks. It's much more convenient for 
> > purposes of firewalling and routing.
>
> - -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
> Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629
>
> ...We waste time looking for the perfect lover
> instead of creating the perfect love.
>
>                 -Tom Robbins <Still Life With Woodpecker>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFC7pwast+vzJSwZikRAgUBAJ9uSprzhuSSR7JmD3aPylqSNTk2mgCfc14/
> cPT4NJheluJF/CAIZFOv19s=
> =soQH
> -----END PGP SIGNATURE-----
Well, thanks to both of you for the information- I think i'm getting the 
hang of it... :)

However i'm still completely confused on the whole 0/9 issue- what does 
this specify?

I should be able to work it out using that information, but i'd like to 
understand it completely for future knowledge :-)