homepage Welcome to WebmasterWorld Guest from 54.204.90.135
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
Forum Library, Charter, Moderators: bakedjake

Linux, Unix, and *nix like Operating Systems Forum

    
pf.conf
how do you block a range of IPs?
Finder




msg:910487
 9:52 pm on Sep 17, 2002 (gmt 0)

For example, if I wanted to block a range like 63.148.99.224 - 63.148.99.255

I'm just getting my feet wet with this stuff. I know how to block a single IP but snooping companies like Cyveillance usually have a whole set of originating IPs.

 

Duckula




msg:910488
 1:13 pm on Sep 18, 2002 (gmt 0)

I'm not exactly sure what are you talking about (I'm not very experienced on packet filtering), but instinct tells me that you would use wildcards; at your example,

63.148.99.*

would block the whole subrange; I'd especulate that

63.148.99.[224-255]

may work.

Finder




msg:910489
 12:38 am on Sep 26, 2002 (gmt 0)

Just for future reference, I did finally figure it out.

Whereas:
block in quick on xxx from 63.148.99.224/32 to any

will block a single IP, using a /27 will block a subnet range of 32 IP addresses, specifically, 63.148.99.224 - 63.148.99.255.

/24 = 256 ip addresses
/25 = 128
/26 = 64
/27 = 32
/28 = 16
/29 = 8
/30 = 4
/31 = 2
/32 = 1

This is great for blocking snooping companies like Cyveillance that can't be blocked via user-agent. I also discovered a gem in another forum, using mod_rewrite to accomplish the same task in either .htaccess or httpd.conf:

RewriteCond %{REMOTE_ADDR} ^63\.148\.99\.2(2[4-9][3-4][0-9]5[0-5])$

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved