CodeHeads wrote:
On Wed, 24 May 2006 10:34:23 -0500 Bruno Wolff III <bruno@xxxxxxxx> wrote:
On Wed, May 24, 2006 at 10:46:39 -0400,
CodeHeads <codeheads@xxxxxxxxx> wrote:
Ed,
Thank you, that's what I was looking for to verify what I have learned so far.
Question on entering IP address in IPTables, say I want to add a range to
block the whole ip range of 10.0.0.0 (example of course)
Can I do this:
$iptables -A FORWARD -p tcp -s 10. -i eth0 -j DROP
OR
$iptables -A FORWARD -p tcp -s 10.* -i eth0 -j DROP
Either
$iptables -A FORWARD -p tcp -s 10.0.0.0/8 -i eth0 -j DROP
or
$iptables -A FORWARD -p tcp -s 10.0.0.0/255.0.0.0 -i eth0 -j DROP
will work.
Thank you Bruno. Just wanted to verify about the wild cards.
Sorry for all the questions, IP's confuse me a bit. :) LOL
Say if I have a range of 222.96.0.0 - 222.122.255.255
Is there a calculator that will tell me the netmask??
Will
Just a few things...
you are appending to the FORWARD chain in the above example... I'm
guessing that this is correct and the webserver is NAT'd? otherwise
you'd want to edit the INPUT chain.
I also use netmasks, but there is the capability to modify ranges as
follows..
iptables -A FORWARD -m iprange --src-range 222.96.0.0-222.122.255.255 -j DROP
(syntax may not be correct, see man iptables)
--
Ed Kim, RHCE
http://www.rhatbox.com
Any sufficiently advanced technology is indistinguishable from magic.
~Arthur C. Clarke
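
On the netmask question raised in the thread: the range 222.96.0.0 - 222.122.255.255 does not fit a single netmask, so a calculator has to split it into several CIDR blocks. The following is an added example, not part of the original messages, that does this with Python's standard `ipaddress` module; the function names and the `chain`/`iface` defaults are illustrative assumptions taken from the rules quoted above.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Return the exact CIDR blocks covering first..last (inclusive)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def covering_network(first, last):
    """Smallest single network containing the range; it may over-block."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    prefix = 32 - (lo ^ hi).bit_length()  # number of shared leading bits
    # strict=False masks off the host bits of lo for us
    return ipaddress.IPv4Network((lo, prefix), strict=False)

def drop_rules(first, last, chain="FORWARD", iface="eth0"):
    """Render one rule per block, in the same form as the rules in the thread."""
    return [f"iptables -A {chain} -p tcp -s {net} -i {iface} -j DROP"
            for net in range_to_cidrs(first, last)]

if __name__ == "__main__":
    first, last = "222.96.0.0", "222.122.255.255"  # range asked about in the thread
    blocks = range_to_cidrs(first, last)
    for net in blocks:
        print(f"{str(net):18} netmask {net.netmask}")
    wide = covering_network(first, last)
    exact = sum(n.num_addresses for n in blocks)
    print(f"single covering net: {wide} "
          f"({wide.num_addresses - exact} addresses outside the range)")
    print("\n".join(drop_rules(first, last)))
```

The single covering network is the only one-netmask answer, and it also matches addresses above 222.122.255.255; the per-block rules or the `iprange` match shown above avoid that.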