Originally Posted by The Cog
You may sometimes see a mask written in dotted quad notation, e.g. 255.255.255.0. This form gives a 32-bit value that consists of n 1s followed by 32-n zeros. 255.255.255.0 has 24 leading ones, and so means the same as /24.
I had forgotten about the dotted quad notation. While I cannot think of a reason why it would be needed, it does provide a way to have whatever bit mask one wants. Example:
Code:
# . check the static blacklist.
#
# http related
$IPTABLES -A http-new-in -i $EXTIF -s 5.100.113.117/255.255.0.255 -j DROP
$IPTABLES -A http-new-in -i $EXTIF -s 5.100.113.117/255.255.255.0 -j DROP
$IPTABLES -A http-new-in -i $EXTIF -s 5.248.83.0/24 -j DROP
Which gives (from "sudo iptables -v -x -n -L | more"):
Code:
Chain http-new-in (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- eth1 * 5.100.0.117/255.255.0.255 0.0.0.0/0
0 0 DROP all -- eth1 * 5.100.113.0/24 0.0.0.0/0
0 0 DROP all -- eth1 * 5.248.83.0/24 0.0.0.0/0
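Added example, not from the thread or from the iptables project: the script below reproduces the normalization seen in the listing above (network address = address AND mask; a contiguous mask is printed as a prefix length, a non-contiguous one stays dotted quad) and then tests candidate source addresses against each rule, so you can see exactly which hosts a mask like 255.255.0.255 blocks. The rule strings and the sample source addresses are the ones from the post plus a few constructed ones; the function names are my own.

```python
import ipaddress

ALL_ONES = (1 << 32) - 1


def parse_mask(mask_text):
    """Return the 32-bit mask for a prefix length ('24') or a dotted quad ('255.255.0.255')."""
    if "." in mask_text:
        return int(ipaddress.IPv4Address(mask_text))
    n = int(mask_text)
    if not 0 <= n <= 32:
        raise ValueError(f"prefix length out of range: {mask_text}")
    # n leading ones followed by 32-n zeros
    return ALL_ONES ^ ((1 << (32 - n)) - 1)


def is_contiguous(mask):
    """True if the mask is ones followed by zeros (i.e. expressible as /n)."""
    inv = (~mask) & ALL_ONES          # zeros become ones: a contiguous mask inverts to 2^k - 1
    return inv & (inv + 1) == 0


def normalize_rule(spec):
    """Render an address/mask spec the way 'iptables -L -n' prints it."""
    addr_text, mask_text = spec.split("/")
    mask = parse_mask(mask_text)
    net = int(ipaddress.IPv4Address(addr_text)) & mask   # host bits under mask zeros are dropped
    if is_contiguous(mask):
        return f"{ipaddress.IPv4Address(net)}/{bin(mask).count('1')}"
    return f"{ipaddress.IPv4Address(net)}/{ipaddress.IPv4Address(mask)}"


def matches(spec, packet_src):
    """Does a packet with source packet_src hit the rule 'spec'? Same AND-compare iptables does."""
    addr_text, mask_text = spec.split("/")
    mask = parse_mask(mask_text)
    rule_net = int(ipaddress.IPv4Address(addr_text)) & mask
    return int(ipaddress.IPv4Address(packet_src)) & mask == rule_net


# The three -s arguments from the post.
RULES = [
    "5.100.113.117/255.255.0.255",
    "5.100.113.117/255.255.255.0",
    "5.248.83.0/24",
]

# Constructed sample sources, not from the thread.
SAMPLE_SOURCES = ["5.100.113.117", "5.100.200.117", "5.100.113.200", "5.248.83.9", "5.248.84.9"]

if __name__ == "__main__":
    for spec in RULES:
        print(f"{spec:32} -> shown as {normalize_rule(spec)}")
        for src in SAMPLE_SOURCES:
            print(f"    {src:16} {'DROP' if matches(spec, src) else 'pass'}")
```

The first rule is the interesting one: because the third octet is masked out, it drops any 5.100.X.117 host, which the 5.100.0.117 in the listing hints at but does not spell out. When auditing a ruleset, running each `-s` spec through `normalize_rule` and checking the result against `iptables -L -n` is a quick way to confirm a dotted-quad mask does what the author intended.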