
Re: [cobalt-security] ipchains adding to rc.local



Well, it would actually be 203.232.0.0/16.  See, IP addresses are composed
of 32 bits, and each of the four decimal numbers we see actually represents
one "block" of 8 bits (8 x 4 = 32).  So, if you specify a network mask of
16, you're saying that everything after the 16th bit (i.e., the second half
of the address) is the host part of the address.  In other words, you've
got (256*256)-2 addresses to work with within that network.  Keep in mind
that you can't use the network address, 203.232.0.0, or the broadcast
address, 203.232.255.255, for hosts.  Likewise, specifying a netmask of 24
says that you have 256-2 addresses within the network, and specifying a
netmask of 32 narrows it down to 1 IP address, since all the bits are in
the "network" side of the address.

Separately, I seem to recall that IPs starting with numbers above 192 are
allocated in Class C blocks of 256 addresses (24-bit netmasks).  Given
that, your firewall would be blocking 256 contiguous Class C blocks with a
subnet mask of 16 bits.  Are you sure that's what you want to do?

Number bases are fun!

(This is probably OT, but I'm willing to keep it on-list so long as
somebody finds it at least interesting...)

At 06:59 PM 7/25/01 -0700, Scott F wrote:
>So what would be the correct method of entering a
>complete IP range into our rc.firewall.blocked file if
>we wanted to block all IPs from 203.232.0.0 through
>203.232.255.255?  
>
>Would that be:
>
>203.232.0.0/24
>
>-or-
>
>203.232.0.0/32
>
>-or-
>
>203.232.255.255/24
>
>-or-
>
>203.232.255.255/32


-------------------------------------------------------------------------
Ted Behling, Web Application Developer, Monarch Information Systems, Inc.

43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434
E-mail: mailto:TBehling@xxxxxxxxxxxxx
Phone/Fax: 1-800-842-7894    Local or Outside the USA: 1-843-842-7894
Cell Phone (urgent issues): 843-816-7895
Cell Phone E-mail: mailto:TedPhone@xxxxxxxxxxxxx (116 letter limit)
Web site: http://www.monarchis.net
-------------------------------------------------------------------------
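
Added example (not part of the original message): a Python check, using the standard-library ipaddress module, of which range each entry from the question actually covers compared with the 203.232.0.0/16 answer. The function names are made up for this illustration, and the last call goes one step beyond the thread by reducing an arbitrary first-to-last range to CIDR entries.

```python
import ipaddress


def covered_range(entry):
    """Return (first, last, usable_hosts) for a CIDR entry like '203.232.255.255/24'."""
    # strict=False masks off any host bits, the way a netmask is applied to an address
    net = ipaddress.ip_network(entry, strict=False)
    # Network and broadcast addresses are not counted as hosts; a /32 is one address
    usable = 1 if net.prefixlen == 32 else max(net.num_addresses - 2, 0)
    return str(net.network_address), str(net.broadcast_address), usable


def covers(entry, first, last):
    """True if the CIDR entry contains every address from first through last."""
    net = ipaddress.ip_network(entry, strict=False)
    # A CIDR block is contiguous, so containing both endpoints means containing all
    return ipaddress.ip_address(first) in net and ipaddress.ip_address(last) in net


def minimal_blocks(first, last):
    """Smallest list of CIDR entries that covers first..last exactly."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]


if __name__ == "__main__":
    first, last = "203.232.0.0", "203.232.255.255"
    # The four entries proposed in the question, plus the /16 from the reply
    candidates = ["203.232.0.0/24", "203.232.0.0/32",
                  "203.232.255.255/24", "203.232.255.255/32",
                  "203.232.0.0/16"]
    for entry in candidates:
        lo, hi, hosts = covered_range(entry)
        verdict = "covers the range" if covers(entry, first, last) else "too narrow"
        print(f"{entry:<20} {lo} - {hi}  ({hosts} hosts)  {verdict}")
    # A range that is not a single power-of-two block needs more than one entry
    print(minimal_blocks("203.232.0.0", "203.233.0.255"))
```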