[wplug] iptables multiple addresses?

Henry Umansky hmust2+ at pitt.edu
Sat Dec 14 14:16:06 EST 2002 

I always thought you don't have to put the full address like 
111.111.111.0/255.255.255.0, you can just put 111.111.111.0/0, 
111.111.111.0/128, 111.111.111.0/192, etc. or even if you just wanted a 
range of ips from say 155-163 then you can just put 111.111.111.155/248 or 
something like that.  Can someone clarify this, especially if I'm wrong.

-Henry

--On Friday, December 13, 2002 11:26 PM -0500 Kubbie 
<squeakers2k at icqmail.com> wrote:r

> Thanks!
>
> -----Original Message-----
> From: wplug-admin at wplug.org [mailto:wplug-admin at wplug.org]On Behalf Of
> James O'Kane
> Sent: Friday, December 13, 2002 7:09 PM
> To: wplug at wplug.org
> Subject: RE: [wplug] iptables multiple addresses?
>
>
> On Fri, 13 Dec 2002, Kubbie wrote:
>> Sorry, forgot this, since I was interrupted when writing this...
>>
>> iptables -A FORWARD -p udp -s $eeserver --sport 3121 \
>> 	-d 111.111.111.1 --dport 26500 \
>> 	-m state --state NEW,ESTABLISHED -j ACCEPT
>>
>
> I'm hoping the 111.111.111 part is just an example.
>
> You can add a netmask to the end of an IP address to make it be a block
> of  IPs. 111.111.111.0/255.255.255.0 would be everything from .0 to .255
> 111.111.111.0/255.255.255.128 would be 0-127   (128 addresses)
> 111.111.111.0/255.255.255.192 would be 0-63    (64 addresses)
> 111.111.111.0/255.255.255.224 would be 0-31    (32 addresses)
>                          .240          0-15     16
>                          .248          0-7      8
>                          .252          0-3      4
>                          .254          0-1      2
>                          .255          0        1
>
>
> From what I can remember of the top of my head, those are the only size
> groups you can do. If you want a different range other than starting at
> 0,  you can change the 111.111.111.0 part to be .128 for example.
> so 111.111.111.128/255.255.255.128 would be .128-.255 (still 128
> addresses)
>
>
> If you want to know more, this is called Classless Inter-Domain Routing
> (CIDR)
>
> I'm not sure if this will still be relevant:
> http://www.wplug.org/~jo2y/talks/iptables/slides/
>
> I started working on an updated version, but was sidetracked by school.
>
> -james
>
>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
>
>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug



Henry Umansky
hmust2 [at] pitt [dot] edu
http://www.pitt.edu/~hmust2

More information about the wplug mailing list