I am trying to use iptables to block IP ranges, and the iprange option doesn't work for me. I tried installing ipt_range but keep getting errors with modprobe and other methods. Hence, I decided to try using this approach:

    iptables -A INPUT -s [sourceIP]/[CIDR mask] -j DROP

I spent 10 minutes looking at this table for CIDR masks (here) but still cannot figure out how to define the subnet mask for this range: 1.0.32.0-1.0.63.255...? I understand that I can do it in parts, e.g.

    1.0.32.0/24
    1.0.33.0/24
    ...

but I would like to figure out whether I can do this range in one line with mask X, i.e.

    iptables -A INPUT -s 1.0.32.0/X -j DROP

You can match up your subnet mask to the appropriate CIDR notation by using the cheat sheet here: http://www.oav.net/mirrors/cidr.html

Then you can specify the correct CIDR mask in your iptables rule (which does look correct).

Great, thanks! After converting 32 and 63 to binary and looking at this cheat sheet, it looks like the right mask is 18, so I should use:

    iptables -A INPUT -s 1.0.32.0/18 -j DROP

Applied this mask and checked with iptables -L. I see the new line there:

    DROP all -- 1.0.32.0/18 anywhere

Is this how it is supposed to look?
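
A way to check a mask against an address range before loading the rule, as an added example that is not part of the original thread: this Python script computes the minimal CIDR blocks covering an inclusive IPv4 range and reports which addresses a candidate -s value actually matches. The function names range_to_cidrs, check_prefix and drop_rules are hypothetical helpers written for this illustration.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Return the minimal CIDR blocks covering first..last (inclusive) exactly."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # Largest block that can start at lo: its size is lo's lowest set bit.
        size = lo & -lo if lo else 1 << 32
        # Halve it until the block no longer runs past the end of the range.
        while lo + size - 1 > hi:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((lo, prefix)))
        lo += size
    return blocks

def check_prefix(first, last, cidr):
    """Compare the addresses a CIDR value matches with the intended range."""
    # A /N match compares only the first N bits, so host bits are masked off.
    net = ipaddress.ip_network(cidr, strict=False)
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    net_lo, net_hi = int(net.network_address), int(net.broadcast_address)
    overlap = max(0, min(hi, net_hi) - max(lo, net_lo) + 1)
    return {
        "matches": f"{net.network_address}-{net.broadcast_address}",
        "covers_range": net_lo <= lo and hi <= net_hi,
        "extra_addresses": net.num_addresses - overlap,  # matched but outside range
    }

def drop_rules(first, last):
    """Build one DROP rule per block, in the rule form used in this thread."""
    return [f"iptables -A INPUT -s {net} -j DROP" for net in range_to_cidrs(first, last)]

if __name__ == "__main__":
    first, last = "1.0.32.0", "1.0.63.255"  # the range asked about above
    for rule in drop_rules(first, last):
        print(rule)
    for candidate in ("1.0.32.0/18", "1.0.32.0/19"):
        print(candidate, check_prefix(first, last, candidate))
```

Run against the range from the question, it prints a single rule for 1.0.32.0/19 and reports that 1.0.32.0/18 matches 1.0.0.0-1.0.63.255, which is 8192 addresses more than the range.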