Welcome to WebmasterWorld Guest from 23.22.250.113

Forum Moderators: bakedjake

Message Too Old, No Replies

pf.conf

how do you block a range of IPs?

     

Finder

9:52 pm on Sep 17, 2002 (gmt 0)

10+ Year Member



For example, if I wanted to block a range like 63.148.99.224 - 63.148.99.255

I'm just getting my feet wet with this stuff. I know how to block a single IP but snooping companies like Cyveillance usually have a whole set of originating IPs.

Duckula

1:13 pm on Sep 18, 2002 (gmt 0)

10+ Year Member



I'm not exactly sure what are you talking about (I'm not very experienced on packet filtering), but instinct tells me that you would use wildcards; at your example,

63.148.99.*

would block the whole subrange; I'd especulate that

63.148.99.[224-255]

may work.

Finder

12:38 am on Sep 26, 2002 (gmt 0)

10+ Year Member



Just for future reference, I did finally figure it out.

Whereas:

block in quick on xxx from 63.148.99.224/32 to any

will block a single IP, using a /27 will block a subnet range of 32 IP addresses, specifically, 63.148.99.224 - 63.148.99.255.

/24 = 256 ip addresses
/25 = 128
/26 = 64
/27 = 32
/28 = 16
/29 = 8
/30 = 4
/31 = 2
/32 = 1

This is great for blocking snooping companies like Cyveillance that can't be blocked via user-agent. I also discovered a gem in another forum, using mod_rewrite to accomplish the same task in either .htaccess or httpd.conf:

RewriteCond %{REMOTE_ADDR} ^63\.148\.99\.2(2[4-9][3-4][0-9]5[0-5])$
 

Featured Threads

Hot Threads This Week

Hot Threads This Month