[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: hosts.deny vs iptables



From: "CodeHeads" <codeheads gmail com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 24 May 2006 10:34:23 -0500 Bruno Wolff III <bruno wolff to> wrote:

On Wed, May 24, 2006 at 10:46:39 -0400,
  CodeHeads <codeheads gmail com> wrote:
> > Ed,
> Thank you, That what I was looking for to verify what I have learned so far.
> > Question on entering IP address in IPTables, say I want to add a range to
> block the whole ip range of 10.0.0.0 (example of course)
> Can I do this:
> $iptables -A FORWARD -p tcp -s 10. -i eth0 -j DROP
> OR
> $iptables -A FORWARD -p tcp -s 10.* -i eth0 -j DROP

Either
$iptables -A FORWARD -p tcp -s 10.0.0.0/8 -i eth0 -j DROP
or
$iptables -A FORWARD -p tcp -s 10.0.0.0/255.0.0.0 -i eth0 -j DROP
will work.

Thank you Bruno.  Just wanted to verify about the wild cards.

Sorry for all the questions, IP's confuse me a bit. :) LOL
Say if I have a range of 222.96.0.0 - 222.122.255.255
Is there a calculator that will tell me the netmask??

There isn't one. The net mask is powers of two. It is often
easier to think of it as 222.96.0.0/11 for the nearest to the
case you site, 222.96.0.1 to 22.127.255.254. That means
255.240.0.0 is the mask.

{^_^}


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]