* Re: Blocking a range of source IPs to a specific port
[not found] <42EE63E6.6070801@blackicehosting.com>
@ 2005-08-01 20:36 ` R. DuFresne
[not found] ` <42EE9539.4070800@gmx.co.uk>
2005-08-02 13:35 ` Sp0oKeR
1 sibling, 1 reply; 4+ messages in thread
From: R. DuFresne @ 2005-08-01 20:36 UTC (permalink / raw)
To: James Harrison; +Cc: netfilter
On Mon, 1 Aug 2005, James Harrison wrote:
> Hi,
>
> I'm trying to use iptables to block a range of source IP addresses, but I
> can't figure out how to specify ranges- I'm trying to block everything from
> 172.150-250.*.* on port 8676- can someone help me out with the rule for this?
>
> Thanks,
> James Harrison
>
For part of the address space 172.128.0.0 - 172.191.255.255 you can block
on 172.128.0.0/10. To get the full range, you might use one of the online
IP calculators to figure in the whole shebang.
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
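The "IP calculator" step from the reply above, as an added example that is not part of the original thread: it splits the range from the question (172.150.0.0 to 172.250.255.255) into the smallest set of CIDR blocks that covers it exactly, and counts how many addresses a broader prefix such as 172.128.0.0/10 would block outside that range. The function names are hypothetical, and the INPUT chain and `-p tcp` are assumptions (the question names only the port); the rules are printed, not executed.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Minimal list of CIDR blocks covering exactly first..last (inclusive)."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # Largest block the alignment of lo allows (its lowest set bit) ...
        size = lo & -lo if lo else 1 << 32
        # ... halved until it no longer runs past the end of the range.
        while size > hi - lo + 1:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((lo, prefix)))
        lo += size
    return blocks

def overblocked(cidr, first, last):
    """Number of addresses in cidr that lie outside first..last."""
    net = ipaddress.IPv4Network(cidr)
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    top = min(hi, int(net.broadcast_address))
    bottom = max(lo, int(net.network_address))
    return net.num_addresses - max(0, top - bottom + 1)

def drop_rules(blocks, port, proto="tcp"):
    """One iptables command line per block; chain and protocol are assumptions."""
    return [f"iptables -A INPUT -p {proto} -s {b} --dport {port} -j DROP"
            for b in blocks]

if __name__ == "__main__":
    first, last = "172.150.0.0", "172.250.255.255"
    for rule in drop_rules(range_to_cidrs(first, last), 8676):
        print(rule)
    extra = overblocked("172.128.0.0/10", first, last)
    print(f"172.128.0.0/10 also covers {extra} addresses outside the range")
```

The range needs eight source prefixes, so eight rules; a single prefix wide enough to reach 172.150.0.0 necessarily covers addresses below it as well.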
* Re: Blocking a range of source IPs to a specific port
[not found] <42EE63E6.6070801@blackicehosting.com>
2005-08-01 20:36 ` Blocking a range of source IPs to a specific port R. DuFresne
@ 2005-08-02 13:35 ` Sp0oKeR
1 sibling, 0 replies; 4+ messages in thread
From: Sp0oKeR @ 2005-08-02 13:35 UTC (permalink / raw)
To: James Harrison; +Cc: netfilter
you can use ipset
http://ipset.netfilter.org/
Regards,
Sp0oKeR
On 8/1/05, James Harrison <jamesharrison@blackicehosting.com> wrote:
> Hi,
>
> I'm trying to use iptables to block a range of source IP addresses, but
> I can't figure out how to specify ranges- I'm trying to block everything
> from 172.150-250.*.* on port 8676- can someone help me out with the rule
> for this?
>
> Thanks,
> James Harrison
>
>
* Re: Blocking a range of source IPs to a specific port
@ 2005-08-02 13:20 James A Harrison
0 siblings, 0 replies; 4+ messages in thread
From: James A Harrison @ 2005-08-02 13:20 UTC (permalink / raw)
To: gtaylor; +Cc: netfilter
Hi,
Replying on my PDA, so just a quick message to say thanks - I'll try that tomorrow.
James Harrison
-----Original Message-----
>From: "Grant Taylor"<gtaylor@riverviewtech.net>
>Sent: 02/08/05 04:05:49
>To: "netfilter"<netfilter@lists.netfilter.org>
>Subject: Re: Blocking a range of source IPs to a specific port
>
>James Harrison wrote:
>
>> Hi,
>>
>> I'm trying to use iptables to block a range of source IP addresses,
>> but I can't figure out how to specify ranges- I'm trying to block
>> everything from 172.150-250.*.* on port 8676- can someone help me out
>> with the rule for this?
>>
>> Thanks,
>> James Harrison
>>
>James, you might want to look into the IPRange match extension for
>IPTables. I think you would be able to do something quite literally like
>this:
>
>iptables -t filter -A INPUT -p tcp --dport 8676 -m iprange --src-range
>172.150.0.0-172.250.255.255 -j DROP
>
>I was able to successfully key the above line in to my firewall at the
>house (test chain) without any problems so I think the syntax is
>correct. However I have never used iprange in production to say what I
>think of it. Give it a try and see what you think.
>
>One suggestion is that you may want to send the traffic to a different
>sub chain to be able to log the traffic before you DROP it. Just a thought.
>
>
>
>Grant. . . .
>
>