On Tue, 11 Mar 2003, Bill wrote:

> I want to block all ip's ending in 224 to 255 but not 220 and others
> searching the net I found I need to add "/27" to end of the ip.
> I understand /8 /16 /24 /32 somewhat but...

All the numbers after a / define a subnet. For example, a /24 subnet contains 256 addresses, of which 254 are usable (one for broadcast and one for network). Every time you increment the number (for example /25) you halve the size of the subnet, hence a /25 subnet has 128 addresses, of which 126 are usable. If you want to read more, I found Rusty's networking concepts HOWTO a nice way to break people in:

http://www.netfilter.org/unreliable-guides/networking-concepts-HOWTO/index.html

> My question: what makes /27 significant
> X.Y.Z.224 - X.Y.Z.255
> deny from 63.148.99.224/27
>
> Thanks
> P.s. for example, how would I block only X.Y.Z.23 - X.Y.Z.55 ???

If you want to block a specific subnet, there are ipcalc scripts out there that will calculate the IPs in a block for you. If you are unsure of the size of the network segment, you just play with the netmask until the addresses come out the way you want them.

Nikolai
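
Added example, not part of the original message or of any ipcalc script: a small Python routine that splits an arbitrary address range into the fewest CIDR blocks and prints one "deny from" line per block. It shows why 224-255 is a single /27 (224 is a multiple of 32) while 23-55 needs four blocks. The function names and the 192.0.2.x documentation addresses standing in for X.Y.Z are assumptions made for this example.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the fewest CIDR blocks covering first..last inclusive."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address must not be above last address")
    blocks = []
    while lo <= hi:
        # A block of 2^k addresses must start on a multiple of 2^k, so the
        # biggest block that can start at lo is lo's lowest set bit
        # (address 0 is aligned to every block size).
        align = lo & -lo if lo else 1 << 32
        # It also must not run past the end of the requested range.
        remaining = hi - lo + 1
        size = min(align, 1 << (remaining.bit_length() - 1))
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(f"{ipaddress.IPv4Address(lo)}/{prefix}")
        lo += size
    return blocks


def deny_lines(first, last):
    """Format the blocks in the 'deny from' syntax used in the thread."""
    return [f"deny from {cidr}" for cidr in range_to_cidrs(first, last)]


if __name__ == "__main__":
    # The range from the question: one aligned block of 32 addresses.
    for line in deny_lines("63.148.99.224", "63.148.99.255"):
        print(line)
    # The P.S. range (.23 - .55), using a constructed documentation prefix.
    for line in deny_lines("192.0.2.23", "192.0.2.55"):
        print(line)
```
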