[wplug] iptables multiple addresses?

Dave Neuer mr_fred_smoothie at yahoo.com
Sat Dec 14 15:22:09 EST 2002


Personally, I always thought the /integer notation was
mentally easier than the /dotted-octet notation, but
fortunately the iptables code handles both.

Also remember that with iptables, you're not really
specifying a netmask, so much as a "matchmask": i.e.,
while /0 and /32 aren't valid netmasks AFAIK, they're
valid in iptables because you're really specifying how
many bits of an actual address to match against (which
is also why you don't need to specify the /32 at all
if you want to match the whole address -- just leave
the /* part off -- and why you can just do "0/0" or
"muffin/0" for "any address" since the left side is
then irrelevant).

Yes, I have too much time on my hands.

Dave

--- James O'Kane <jo2y at midnightlinux.com> wrote:
> On Sat, 14 Dec 2002, Henry Umansky wrote:
> 
> > I always thought you don't have to put the full address like
> > 111.111.111.0/255.255.255.0, you can just put 111.111.111.0/0,
> > 111.111.111.0/128, 111.111.111.0/192, etc. or even if you just wanted a
> > range of ips from say 155-163 then you can just put 111.111.111.155/248 or
> > something like that.  Can someone clarify this, especially if I'm wrong.
> 
> 
> The number you want after the / is the number of bits set to 1 in the
> netmask, common ones are 255.255.255.0 is /24, 255.255.0.0 is /16,
> 255.0.0.0 is /8.
> 
> -james
> 
> 
> 
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
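
The "matchmask" behaviour discussed in this thread, as an added example that is not part of the original messages and is not iptables' own parser. It is a simplified model: the function names are made up for illustration, only numeric IPv4 addresses are accepted (no DNS lookup), and a bare integer after the slash must be 0 to 32.

```python
import ipaddress

def parse_mask(mask: str) -> int:
    """Return the 32-bit match mask for '/N' or '/a.b.c.d' notation."""
    if mask.isdigit():
        bits = int(mask)
        if not 0 <= bits <= 32:
            raise ValueError(f"prefix length out of range: /{mask}")
        # N leading one-bits; /0 gives an all-zero mask, /32 all ones.
        return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(mask))  # dotted form, e.g. 255.255.255.0

def parse_spec(spec: str) -> tuple[int, int]:
    """Split 'addr[/mask]' into (masked address, mask) as integers."""
    left, _, mask_text = spec.partition("/")
    mask = parse_mask(mask_text) if mask_text else 0xFFFFFFFF  # no mask = /32
    if mask == 0:
        return 0, 0  # left side is irrelevant, so it is not even parsed
    # Assumption: numeric addresses only, so the example runs offline.
    return int(ipaddress.IPv4Address(left)) & mask, mask

def matches(spec: str, packet_ip: str) -> bool:
    """True when packet_ip agrees with spec on every bit the mask selects."""
    addr, mask = parse_spec(spec)
    return (int(ipaddress.IPv4Address(packet_ip)) & mask) == addr

def covered_range(spec: str) -> tuple[str, str]:
    """First and last address a spec matches (contiguous masks only)."""
    addr, mask = parse_spec(spec)
    last = addr | (~mask & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(addr)), str(ipaddress.IPv4Address(last))

if __name__ == "__main__":
    # Constructed sample specs, taken from the forms mentioned in the thread.
    for spec in ("111.111.111.0/24", "111.111.111.0/255.255.255.0",
                 "111.111.111.155", "muffin/0", "111.111.111.155/29"):
        print(f"{spec:30} covers {covered_range(spec)}")
```

The last sample shows that a single mask always covers an aligned power-of-two block: /29 around .155 spans .152 to .159, so a range such as 155-163 needs more than one rule.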

