banning IP-ranges with iptables/CIDR notation

Don't be shy, Linux is fun! =)
bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

When running a server you have to deal with attackers, and in some cases it's more comfy to ban the whole IP range of an attacker instead of banning single IPs...for example when the attacker has a dynamic IP (or when the IP range is from a country that sucks anyway... :lol: )

Banning ranges with iptables is no problem, BUT in most cases the --src-range switch is not available, so you can't ban ranges by using an explicit range like 192.168.0.0-192.168.0.255 for example...in this case you have to use the CIDR notation, an example:

iptables -I INPUT -s 192.168.0.0/24 -j DROP
This would ban the desired range from above.

But what if the ISP range of the attacker is not that simple, for example 192.168.120.0-192.168.240.211?
In this case it can become a real pain in the rear to figure out the CIDR notation. Last night I was too lazy to calculate the CIDR notation of a range I wanted to ban, so I searched a little and found a nice IP-range->CIDR calculator:
http://www.kgsoft.com/ftp/iprange2cidr.zip

Will add this app to the downloads on the next update, enjoy! :)

P.S. What would the rules for the above range be?

iptables -I INPUT -s 192.168.120.0/21 -j DROP
iptables -I INPUT -s 192.168.128.0/18 -j DROP
iptables -I INPUT -s 192.168.192.0/19 -j DROP
iptables -I INPUT -s 192.168.224.0/20 -j DROP
iptables -I INPUT -s 192.168.240.0/25 -j DROP
iptables -I INPUT -s 192.168.240.128/26 -j DROP
iptables -I INPUT -s 192.168.240.192/28 -j DROP
iptables -I INPUT -s 192.168.240.208/30 -j DROP
Now figure out how much time using the calculator saved... :lol:
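
The range-to-CIDR split the calculator does for you is a short greedy algorithm, and it is worth having it as a script so the resulting rules can be checked before they go into a firewall. The following is an added example, not code from the original post or from the linked calculator: it walks the range from the start address, at each step takes the largest block that is both aligned on its own size and still inside the range, cross-checks the result against Python's standard-library ipaddress.summarize_address_range, and verifies that the emitted blocks cover exactly the requested range with no gaps and no overlap (so a typo does not silently drop an address or block a neighbouring range). The chain and target names are parameters with INPUT/DROP as defaults, matching the rules in the post.

```python
import ipaddress


def range_to_cidrs(start: str, end: str) -> list:
    """Split an inclusive IPv4 range into the minimal list of CIDR blocks.

    Greedy: from the current address, widen the block while it stays
    aligned on its own size and does not run past `end`; emit it, then
    continue from the first address after that block.
    """
    cur = int(ipaddress.IPv4Address(start))
    last = int(ipaddress.IPv4Address(end))
    if cur > last:
        raise ValueError("start address is after end address")
    blocks = []
    while cur <= last:
        prefix = 32
        while prefix > 0:
            size = 1 << (32 - (prefix - 1))  # size of the next-wider block
            if cur % size != 0 or cur + size - 1 > last:
                break  # not aligned, or would overshoot the range
            prefix -= 1
        blocks.append(f"{ipaddress.IPv4Address(cur)}/{prefix}")
        cur += 1 << (32 - prefix)
    return blocks


def range_to_cidrs_stdlib(start: str, end: str) -> list:
    """Same split via the standard library, used as an independent check."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(start), ipaddress.IPv4Address(end))
    return [str(n) for n in nets]


def covers_exactly(blocks: list, start: str, end: str) -> bool:
    """True if the blocks tile [start, end] contiguously: no gap, no overlap,
    nothing outside the range."""
    first = int(ipaddress.IPv4Address(start))
    last = int(ipaddress.IPv4Address(end))
    nets = sorted((ipaddress.IPv4Network(b) for b in blocks),
                  key=lambda n: int(n.network_address))
    expected = first
    for n in nets:
        if int(n.network_address) != expected:
            return False  # gap before this block, or overlap with the previous one
        expected = int(n.broadcast_address) + 1
    return expected == last + 1


def iptables_rules(start: str, end: str, chain: str = "INPUT",
                   target: str = "DROP") -> list:
    """Render one iptables rule per CIDR block, as in the post."""
    return [f"iptables -I {chain} -s {cidr} -j {target}"
            for cidr in range_to_cidrs(start, end)]


if __name__ == "__main__":
    # The ragged range from the post.
    lo, hi = "192.168.120.0", "192.168.240.211"
    blocks = range_to_cidrs(lo, hi)
    assert blocks == range_to_cidrs_stdlib(lo, hi)
    assert covers_exactly(blocks, lo, hi)
    for rule in iptables_rules(lo, hi):
        print(rule)
```

Running the script prints the same eight rules as in the post. Where the iprange match module is available (`-m iprange --src-range 192.168.120.0-192.168.240.211`) or ipset is in use, a single rule covers the range without any split, but the CIDR form works on every iptables build, which is the situation the post describes.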

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

Nice find! =D Thanks ^^
