Banning ranges with iptables is no problem, BUT in most cases the --src-range switch is not available, so you can't ban ranges by using an explicit range like 192.168.0.0-192.168.0.255, for example... In this case you have to use the CIDR notation. An example:
iptables -I INPUT -s 192.168.0.0/24 -j DROP
But what if the ISP range of the attacker is not that simple, for example 192.168.120.0-192.168.240.211?
In this case it can become a real pain in the rear to figure out the CIDR notation. Last night I was too lazy to calculate the CIDR notation of a range I wanted to ban, so I searched a little and found a nice IP-range->CIDR calculator:
http://www.kgsoft.com/ftp/iprange2cidr.zip
Will add this app to the downloads on the next update, enjoy!
P.S. What would the rules for the above range be?
iptables -I INPUT -s 192.168.120.0/21 -j DROP
iptables -I INPUT -s 192.168.128.0/18 -j DROP
iptables -I INPUT -s 192.168.192.0/19 -j DROP
iptables -I INPUT -s 192.168.224.0/20 -j DROP
iptables -I INPUT -s 192.168.240.0/25 -j DROP
iptables -I INPUT -s 192.168.240.128/26 -j DROP
iptables -I INPUT -s 192.168.240.192/28 -j DROP
iptables -I INPUT -s 192.168.240.208/30 -j DROP
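The range-to-CIDR split the post gets from the downloaded calculator is a short algorithm, so here it is worked through in Python as an added example (not part of the original post and not the linked tool's code; the function names range_to_cidrs and iptables_rules are my own). From the low end of the range it takes the largest block that is both aligned to its own size and still inside the range, emits it, and continues from the next address. Run on 192.168.120.0-192.168.240.211 it reproduces exactly the eight rules listed above.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Split the inclusive IPv4 range first..last into the minimal list of
    CIDR blocks, walking from the low end and taking the largest aligned
    block that fits at each step."""
    start = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    if start > end:
        raise ValueError("range start is above range end")
    blocks = []
    while start <= end:
        # Grow the block while the start stays aligned to the doubled size
        # and the block's last address does not overshoot the range end.
        size = 1
        while (start & (size * 2 - 1)) == 0 and start + size * 2 - 1 <= end:
            size *= 2
        prefix = 32 - (size.bit_length() - 1)  # size is a power of two
        blocks.append(f"{ipaddress.IPv4Address(start)}/{prefix}")
        start += size
    return blocks


def iptables_rules(first, last, chain="INPUT", target="DROP"):
    """Render one iptables rule per CIDR block, in the post's style."""
    return [f"iptables -I {chain} -s {block} -j {target}"
            for block in range_to_cidrs(first, last)]


if __name__ == "__main__":
    # The range from the post; prints the same eight rules as above.
    for rule in iptables_rules("192.168.120.0", "192.168.240.211"):
        print(rule)
```

The standard library already ships the same split as ipaddress.summarize_address_range(), which is handy for a cross-check; the hand-written loop is there to show why a non-aligned end address like .211 fragments into /25, /26, /28 and /30. Because every rule is a DROP, the order in which -I inserts them into the chain does not matter. On kernels where the iprange match extension is loaded, "-m iprange --src-range 192.168.120.0-192.168.240.211" covers the same range in one rule.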