[NTLUG:Discuss] hosts.deny

Chris Cox cjcox at acm.org
Thu Dec 13 23:19:46 CST 2001


lee wrote:
...snip... 
> or iptables for 2.4 kernels
> /sbin/iptables -v -A INPUT -s 193.253.0.0/24 -j DROP
> 
> (but don't trust my networking numbers with the slash... i don't know
> how all that stuff works but i myself would try this first and then
> check the resulting effectivity :)

Not sure if the question was about CIDR or not.. but here goes...

It's pretty easy.  The / number specifies the number of bits for masking
an IP range.  In the old days, the smallest net block you could give
someone was a full class-C (255 hosts).  That's not too practical since
many don't need that many hosts.  So CIDR (Classless Internet Domain Routing)
was created to allow partitioning using a /-specified mask.  So a /24
(that's the first 3 octets) is effectively the way you specify the
whole class-C above.  Having /16, for example,
would be the same thing as specifying the whole class-B range.
There's a bit more to it... but that's the general gist.  Routers understand
CIDR, so now it's possible to use (for example) a
single class-C split amongst multiple sites anywhere in the world.  This
also helps make routing more efficient (btw).
Much more efficient use of the limited IPv4 address ranges and less
stress on the internet routers of the world.  This all will
change when we move to IPv6 (large addressing).
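To make the / arithmetic concrete, here is an added Python example (editor's code, not part of the thread) that turns a prefix length into the netmask, lists the range a block covers, and checks whether a given source address would match the iptables rule quoted earlier. The kernel's match is just (src & mask) == (net & mask), which is what matches() does below. 193.253.0.0/24 is the rule from the thread; the probe addresses are constructed for illustration.

```python
"""Added example (not from the original post): CIDR prefix -> netmask,
block range, and membership test for an iptables-style '-s a.b.c.d/N' rule.
Cross-checked against the standard library's ipaddress module."""
import ipaddress


def ip_to_int(addr: str) -> int:
    """Dotted-quad IPv4 string -> 32-bit integer (rejects malformed input)."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    n = 0
    for o in octets:
        n = (n << 8) | o
    return n


def int_to_ip(n: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/prefix -> mask with the top `prefix` bits set (/24 -> 255.255.255.0)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: /{prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def split_cidr(cidr: str):
    """'193.253.0.0/24' -> (network int, prefix). A bare address means /32."""
    net, _, plen = cidr.partition("/")
    prefix = int(plen) if plen else 32
    return ip_to_int(net), prefix


def matches(addr: str, cidr: str) -> bool:
    """True if addr is inside cidr: mask both sides and compare, as the
    kernel does for a '-s net/prefix' match.  Host bits in the rule's
    address are ignored because they are masked away too."""
    net, prefix = split_cidr(cidr)
    mask = prefix_to_mask(prefix)
    return (ip_to_int(addr) & mask) == (net & mask)


def describe(cidr: str) -> dict:
    """Netmask, first/last address and size of the block a rule covers."""
    net, prefix = split_cidr(cidr)
    mask = prefix_to_mask(prefix)
    base = net & mask
    size = 1 << (32 - prefix)
    return {
        "mask": int_to_ip(mask),
        "first": int_to_ip(base),
        "last": int_to_ip(base + size - 1),
        "addresses": size,
    }


def agrees_with_stdlib(addr: str, cidr: str) -> bool:
    """Sanity check: our hand-rolled membership test vs. ipaddress."""
    stdlib = ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)
    return matches(addr, cidr) == stdlib


if __name__ == "__main__":
    rule = "193.253.0.0/24"          # the block from the thread
    print(rule, describe(rule))
    # Constructed probe addresses: one inside the /24, one just outside it.
    for probe in ("193.253.0.200", "193.253.1.5"):
        print(f"  {probe}: DROP={matches(probe, rule)}")
    print("193.253.0.0/16", describe("193.253.0.0/16"))
```

Running it shows the practical caveat behind the "don't trust my numbers with the slash" remark: the /24 rule drops only 193.253.0.0 through 193.253.0.255 (256 addresses), so a host at 193.253.1.5 is not matched at all. If the intent was to block everything under 193.253.x.x, the rule needs /16, which covers 65536 addresses. Getting the prefix wrong in the other direction over-blocks by the same factor, so it is worth checking the range with something like describe() before loading the rule.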
