Topic: how to ban a ip range  (Read 2349 times)
« on: September 23, 2007, 02:13:50 »
tora *
Posts: 11

How can I ban the IP range 192.168.1.80 - 192.168.1.199?

I have looked at Wikipedia about CIDR and I still don't get it.

Please, somebody tell me before I turn completely insane.

Also, why am I forced to use CIDR?

P.S. Sorry for the bad English, I'm from the Netherlands (Nederland) (.NL)
« Reply #1 on: September 24, 2007, 10:25:21 »
markb ****
Posts: 331

You can ban a range of IP addresses using m0n0wall; however, you have to specify it as a network. This comes in the form of a network IP range and a subnet mask in bits. For example, a standard class C range between 192.168.1.0 - 192.168.1.255 would be entered as 192.168.1.0/24. Although the range 80 - 199 looks nice and convenient on paper, it doesn't fit easily into the binary that underlies TCP/IP. You can cover it with 5 rules; you would have to block the following networks:
192.168.1.80/28
192.168.1.96/28
192.168.1.112/28
192.168.1.128/28
192.168.1.192/29
These will effectively block all addresses between 192.168.1.80 - 192.168.1.199.

However, as you are roughly blocking 120 addresses, it would be neater if you could reconfigure your network so that you would need to block either 192.168.1.0 - 192.168.1.127 or 192.168.1.128 - 192.168.1.255. Either of these ranges could be blocked with the single network of 192.168.1.(0 or 128)/25. This would effectively block 126 addresses.

Hope this helps.
« Reply #2 on: September 24, 2007, 23:48:32 »
tora *
Posts: 11

Yes, this helps.

Well, why I want to block that weird range is because I want the normal "clients" from .1 to .79, and have servers and routers, etc. .200 to .254,
and anything that just goes on our network to get a .80 to .199 number (not that I will ever have that many "illegal" machines, but who cares?)

Also, wouldn't it be nice if someone could make a script (JavaScript or PHP)
that converts a range to something we can enter in m0n0wall,
and a. put the script on m0n0wall or b. run it somewhere else.

So people like me, or who are just lazy, can just enter a nice range and get a few lines to add back.
« Last Edit: September 24, 2007, 23:54:15 by tora »

P.S. Sorry for the bad English, I'm from the Netherlands (Nederland) (.NL)
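
An added example, not part of the original thread or of m0n0wall: a JavaScript sketch of the range-to-CIDR script requested above, together with a check that reports which addresses of the intended range a hand-written list of block rules leaves uncovered. It handles IPv4 only, and all function names are hypothetical.

```javascript
// Added example (not from the thread). IPv4 only; all function names are hypothetical.
const toInt = ip => ip.split('.').reduce((n, octet) => n * 256 + Number(octet), 0);
const toIp = n => [24, 16, 8, 0].map(s => Math.floor(n / 2 ** s) % 256).join('.');

// Smallest list of CIDR networks that covers exactly first..last (inclusive).
function rangeToCidrs(first, last) {
  const hi = toInt(last), out = [];
  let lo = toInt(first);
  if (lo > hi) throw new RangeError('first address is above last address');
  while (lo <= hi) {
    // Double the block while it stays aligned on lo and does not run past hi.
    let size = 1, prefix = 32;
    while (prefix > 0 && lo % (size * 2) === 0 && lo + size * 2 - 1 <= hi) {
      size *= 2;
      prefix--;
    }
    out.push(`${toIp(lo)}/${prefix}`);
    lo += size;
  }
  return out;
}

// [first, last] address of a CIDR network, as integers (host bits are cleared).
function cidrBounds(cidr) {
  const [ip, bits] = cidr.split('/');
  const size = 2 ** (32 - Number(bits));
  const start = Math.floor(toInt(ip) / size) * size;
  return [start, start + size - 1];
}

// Sub-ranges of first..last that none of the given networks cover.
function coverageGaps(first, last, cidrs) {
  const hi = toInt(last), gaps = [];
  let next = toInt(first); // lowest address not yet covered
  for (const [s, e] of cidrs.map(cidrBounds).sort((a, b) => a[0] - b[0])) {
    if (s > hi) break;
    if (s > next) gaps.push(`${toIp(next)}-${toIp(s - 1)}`);
    next = Math.max(next, e + 1);
  }
  if (next <= hi) gaps.push(`${toIp(next)}-${toIp(hi)}`);
  return gaps;
}

// The range from the question, then a coverage check of a hand-written rule list.
const rules = ['192.168.1.80/28', '192.168.1.96/28', '192.168.1.112/28',
               '192.168.1.128/28', '192.168.1.192/29'];
console.log(rangeToCidrs('192.168.1.80', '192.168.1.199'));
console.log(coverageGaps('192.168.1.80', '192.168.1.199', rules));
```

Running `coverageGaps` on a rule list before entering it in the firewall shows whether any address in the range would still pass.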
« Reply #3 on: September 26, 2007, 14:59:28 »
bitonw **
Posts: 79

Use this http://www.subnetmask.info/ to redesign your network... just creating network ranges because you like the numbers doesn't make sense... ;)

P.S. Everyone from 'the Netherlands' should really be able to read and write English reasonably well...