Hello, This is a very easy question but I sometimes get messed up with netmasks and I just want to make sure I''ve done this right. If I want to blacklist an IP range, say 192.168.*.*, is this following blacklist rule correct? (IP/netmask format) 192.168.1.1/255.255.0.0 Shorewall is happy with the format, but I just want to make sure I''ve actually figured it out right and am banning the addresses that I want to ban. Thanks for your help, -MikeD
On Thu, 22 May 2003 11:02:13 -0700, Mike Dillinger <miked@softtalker.com> wrote:> Hello, > > This is a very easy question but I sometimes get messed up with netmasks > and I just want to make sure I''ve done this right. > > If I want to blacklist an IP range, say 192.168.*.*, is this following > blacklist rule correct? (IP/netmask format) > 192.168.1.1/255.255.0.0 > > Shorewall is happy with the format, but I just want to make sure I''ve > actually figured it out right and am banning the addresses that I want > to ban. >Most folks would write 192.168.0.0/16 -- see http://www.shorewall.net/shorewall_setup_guide.htm#Addressing. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
On 22 May 2003 at 11:02, Mike Dillinger wrote:> Hello, > > This is a very easy question but I sometimes get messed up with > netmasks and I just want to make sure I''ve done this right. > > If I want to blacklist an IP range, say 192.168.*.*, is thisfollowing> blacklist rule correct? (IP/netmask format)192.168.1.1/255.255.0.0> > Shorewall is happy with the format, but I just want to make sureI''ve> actually figured it out right and am banning the addresses that Iwant> to ban. > > Thanks for your help, > -MikeDThe normal format would be as documented here http://www.shorewall.net/Documentation.htm#Blacklist but if you can no longer ping those addresses that notation must work as well. Wouldn''t supprise me. whynot just 192.168.1.1/16> _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > http://lists.shorewall.net/mailman/listinfo/shorewall-usersSupport:> http://www.shorewall.net/support.htm FAQ: > http://www.shorewall.net/FAQ.htm >-- ______________________________________ John Andersen NORCOM / Juneau, Alaska http://www.screenio.com/ (907) 790-3386 ._______________________________________ John S. Andersen NORCOM mailto:JAndersen@norcomsoftware.com Juneau, Alaska http://www.screenio.com/
Mike - Unless I''m reading it wrong...proper format for what you want to do in your blacklist would be: 192.168.0.0/16 - Bill ========================================== Hello, This is a very easy question but I sometimes get messed up with netmasks and I just want to make sure I''ve done this right. If I want to blacklist an IP range, say 192.168.*.*, is this following blacklist rule correct? (IP/netmask format) 192.168.1.1/255.255.0.0 Shorewall is happy with the format, but I just want to make sure I''ve actually figured it out right and am banning the addresses that I want to ban. Thanks for your help, -MikeD