[opensuse] firewall semantics question
how do I denote a group of domains as: xxx.xxx only the first two groups specified but all inclusive similar to 224.112.221.0/24 which I understand to include all 224.112.221.### The specific numbers above are for example only and are not interesting. I am being pelted with access requests for inexistant pages and php scripts from a range of chinanet sites and want to drop access at the firewall rather than denying web page access. Or perhaps a better plan ?? would be to add the group to /etc/hosts.deny? Or am I trying to do it the wrong way? -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
I maybe understood your question but you should use: xxx.xxx.0.0/16.
Which include all xxx.xxx.###.### hosts.
Thanks.
On Thu, Jan 15, 2009 at 6:20 PM, Patrick Shanahan
how do I denote a group of domains as:
xxx.xxx only the first two groups specified but all inclusive
similar to
224.112.221.0/24 which I understand to include all 224.112.221.###
The specific numbers above are for example only and are not interesting. I am being pelted with access requests for inexistant pages and php scripts from a range of chinanet sites and want to drop access at the firewall rather than denying web page access.
Or perhaps a better plan ?? would be to add the group to /etc/hosts.deny?
Or am I trying to do it the wrong way?
-- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- [ ]'s Aledr - Alexandre "OpenSource Solutions for SmallBusiness Problems" -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* aledr
I maybe understood your question but you should use: xxx.xxx.0.0/16. Which include all xxx.xxx.###.### hosts.
Thanks, corrected my other mis-understood entries. -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hello, On Thu, 15 Jan 2009, Patrick Shanahan wrote:
how do I denote a group of domains as:
xxx.xxx only the first two groups specified but all inclusive
similar to
224.112.221.0/24 which I understand to include all 224.112.221.###
Read http://en.wikipedia.org/wiki/CIDR#CIDR_and_masks Perl has modules for conversion of IP-Ranges to CIDR and back. Read 'man Net::CIDR' and/or 'man Net::CIDR::Lite', the latter has a package in the repos (perl-Net-CIDR-Lite), the former exists in the build-service (at least for SLES/SLED, a 10.2 .spec also exists). Sample conversion: $ perl -e 'use Net::CIDR qw(range2cidr); print join("\n", range2cidr("192.168.0.0-192.168.255.255")), "\n";' 192.168.0.0/16 $ perl -e 'use Net::CIDR::Lite; $c = new Net::CIDR::Lite; $c->add_range("192.168.0.0-192.168.255.255"); print join("\n", $c->list()), "\n";' 192.168.0.0/16 $ There are also some graphic / web "IP / Mask calculators / converters" out there. HTH, -dnh -- I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. -- Bjarne Stroustrup -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
aledr
-
David Haller
-
Patrick Shanahan