[cobalt-security] ipchains adding to rc.local
- From: Scott F <scott_falco@xxxxxxxxx>
- Date: Wed, 25 Jul 2001 18:59:26 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
>>In the rc.firewall.blocked file, you can even go for
>>the broader scope and block out the entire IP range
>>if they're a real pain in the ass -like this:
>>
>>203.232.240.255/32
>>63.25.226.255/32
>
>One little point -- in the IPs below, did you mean
>"203.232.240.0/24", since /32 specifies
>only one IP address, and .255 is this Class C's
>broadcast address?
Actually no that wasn't a typo -but you might have
just taught me something as this very point has been
an on-going discussion between myself and another
person for the last week or so...
Say we were trying to basically block out every IP
address within the 203.232.0.0 - 203.232.255.255 range
-from the way I understood it, that was written as
203.232.255.255/32.
But from discussions on this topic, I've been told
that it should be written as 203.232.0.0/24, but was
later told to change that to 203.232.255.255/24
because (as we understood it) 203.232.255.255 is not a
valid host address, but refers to all hosts on network
203.232.0.0. Therefore I was instructed to use
203.232.255.255.255/32 instead of 203.232.0.0/32 - Now
I'm stumped :-)
So what would be the correct method of entering a
complete IP range into our rc.firewall.blocked file if
we wanted to block all IPs from 203.232.0.0 through
203.232.255.255?
Would that be:
203.232.0.0/24
-or-
203.232.0.0/32
-or-
203.232.255.255/24
-or-
203.232.255.255/32
And maybe I can put this baby to bed once and for all.
:-)
Regards,
Scott
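
Added example, not part of the original message: a Python check of which addresses each of the four candidate entries above would actually match, and of the smallest CIDR block list that covers 203.232.0.0 through 203.232.255.255. It assumes the packet filter ignores address bits beyond the prefix length (a plain address/mask match); the function names are illustrative.

```python
import ipaddress

# The range the message wants blocked, and the four entries it proposes.
WANTED = ("203.232.0.0", "203.232.255.255")
CANDIDATES = [
    "203.232.0.0/24",
    "203.232.0.0/32",
    "203.232.255.255/24",
    "203.232.255.255/32",
]

def covered_range(entry):
    """Return (first, last, count) of the addresses an address/prefix entry matches."""
    # strict=False masks off host bits, so 203.232.255.255/24 becomes
    # 203.232.255.0/24 (assumption: the filter compares only the prefix bits).
    net = ipaddress.ip_network(entry, strict=False)
    return net.network_address, net.broadcast_address, net.num_addresses

def covers(entry, first, last):
    """True if the entry matches every address from first to last inclusive."""
    lo, hi, _ = covered_range(entry)
    return lo <= ipaddress.ip_address(first) and ipaddress.ip_address(last) <= hi

def blocks_for_range(first, last):
    """Smallest list of CIDR blocks that exactly covers first..last inclusive."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

if __name__ == "__main__":
    for entry in CANDIDATES:
        lo, hi, count = covered_range(entry)
        verdict = "covers" if covers(entry, *WANTED) else "does not cover"
        print(f"{entry:22} matches {lo} - {hi} ({count} addresses), "
              f"{verdict} the wanted range")
    print("entries needed for the wanted range:", blocks_for_range(*WANTED))
```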