[Firewall] BLOCK_HOSTS_FILE & CIDR blocking

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Tue Jul 8 07:22:05 MDT 2008


AFAIK this should work. Iptables should work natively with all CIDR 
notations...

A.

Jon Todaro wrote:
> 
> Is this possible beyond a Class C?
> 
> My setup consists of the following:
> 
> Ubuntu 8.04 Server
> 
> I have the following setting in my firewall.conf file (using debconf.cfg)
> BLOCK_HOSTS_FILE=$DC_BLOCK_HOSTS_FILE
> 
> I have the following setting in my debconf.cfg file
> DC_BLOCK_HOSTS_FILE=/etc/arno-iptables-firewall/blocked-hosts
> 
> The following in the blocked-hosts file works:
> 60.172.214.0-255
> 60.172.215.0-255
> 60.172.216.0-255
> 60.172.217.0-255
> 60.172.218.0-255
> 60.172.219.0-255
> 
> But I would like to do something like the following to block this whole 
> CHINANET-AH address space assignment, without listing each class 
> AAA.BBB.CCC.0-255 individually
> 60.166.0.0/13
> 60.174.0.0/15

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
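
An added example, not part of the original thread and not code from arno-iptables-firewall: a Python check that reports the address range each block-list entry actually covers, for the two entry forms quoted above. A netmask match ignores host bits, so a CIDR entry whose base address is not on the prefix boundary covers the enclosing aligned network; the function names and the parsing of the `0-255` form are assumptions for illustration.

```python
import ipaddress

# Constructed sample: entries of the two forms quoted in the thread.
SAMPLE = """\
60.172.214.0-255
60.172.219.0-255
60.166.0.0/13
60.174.0.0/15
"""

def covered_range(entry):
    """Return (first, last, aligned) for one block-list entry.

    CIDR entries are masked the way a netmask match treats them, so
    aligned is False when the written base address has host bits set.
    The A.B.C.X-Y last-octet range parsing is an assumption based on
    the examples in the thread, not the firewall script's own parser.
    """
    entry = entry.strip()
    if "/" in entry:
        iface = ipaddress.ip_interface(entry)
        net = iface.network
        return net[0], net[-1], iface.ip == net.network_address
    if "-" in entry:
        start, end_octet = entry.rsplit("-", 1)
        first = ipaddress.ip_address(start)
        prefix = start.rsplit(".", 1)[0]
        last = ipaddress.ip_address(f"{prefix}.{int(end_octet)}")
        if last < first:
            raise ValueError(f"descending range: {entry}")
        return first, last, True
    addr = ipaddress.ip_address(entry)
    return addr, addr, True

def audit(text):
    """Return (entry, first, last, aligned) rows for non-blank lines."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            first, last, aligned = covered_range(line)
            rows.append((line.strip(), str(first), str(last), aligned))
    return rows

if __name__ == "__main__":
    for entry, first, last, aligned in audit(SAMPLE):
        note = "" if aligned else "  <- base not on prefix boundary"
        print(f"{entry:20} {first} - {last}{note}")
```

Running an audit like this before loading a block list shows when an entry would match more or different addresses than the ones written.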