Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
RE: [suse-security] best method to block ip block
  • From: "Reckhard, Tobias" <Reckhard@xxxxxxxxxx>
  • Date: Mon, 30 Jul 2001 07:50:52 +0200
  • Message-id: <96C102324EF9D411A49500306E06C8D13480E9@xxxxxxxxxxxxxxxxx>
> The ip
> block I want to filter is as follows
>
> xxx.156.130.1 to xxx.156.191.255
>
You know, this is typical TCP/IP networking course homework stuff you should
be doing yourself, but let's see what we can do.

x.156.130.1 ... x.156.191.255

1st netblock: x.156.130.0/23 = x.156.130.0...x.156.131.255
2nd netblock: x.156.132.0/22 = x.156.132.0...x.156.135.255
3rd netblock: x.156.136.0/21 = x.156.136.0...x.156.143.255
4th netblock: x.156.144.0/20 = x.156.144.0...x.156.159.255
5th netblock: x.156.160.0/19 = x.156.160.0...x.156.191.255

This is the shortest way to describe the IP range you mean. Note that the IP
address x.156.130.0 is in the first netblock, though you said to start at
.1. I assumed that was a slipup on your behalf. If not, you'll need another
eight definitions. Or, which is probably more practical, use a permit rule
for that single IP address to precede all deny/reject rules for the subnets
above.

Tobias


< Previous Next >
This Thread
  • No further messages