It would be useful to have something that would take an IP address range and return the minimum coverage CIDR for that block (for use in feeding to iptables).
For example, if I want to allow access for hosts 1.2.3.1 - 1.2.3.4, I currently can allow them individually or just allow the entire /24. But is there any easier way to allow ip ranges in iptables, short of doing each individual IP or generalizing to a class boundary? Can ipsc do this easily? Thanks, Josh --- Douglas Blood <[EMAIL PROTECTED]> wrote: > http://www.ralphb.net/IPSubnet/class_a.html > That is a page I use whenever I need to do anything > with subnets. > It explains that the /27 subnet has 30 hosts. > > So if you only wanted to block hosts X.Y.Z.23 - > X.Y.Z.55 I would do > everything under 64.. otherwise you get into > defining multiple subnets so > you would block X.Y.Z.64/27 > > > ----- Original Message ----- > From: "Bill" <[EMAIL PROTECTED]> > To: <debian-security@lists.debian.org> > Sent: Tuesday, March 11, 2003 1:12 PM > Subject: Blocking sub-range of IP addresses > > > > Hello Debian, > > > > I want to block all ip's ending in 224 to 255 but > not 220 and others > > searching the net I found I need to add "/27" to > end of the ip. > > I understand /8 /16 /24 /32 somewhat but... > > > > My question: what makes /27 significant > > X.Y.Z.224 - X.Y.Z.255 > > deny from 63.148.99.224/27 > > > > Thanks > > P.s. for example, how would I block only X.Y.Z.23 > - X.Y.Z.55 ??? > > > > > > -- > > To UNSUBSCRIBE, email to > [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > > > > -- > To UNSUBSCRIBE, email to > [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > >
