iptables and blocking large subnets

Website Rob

Ok, quick question on using iptables to block an entire range, or mask of IPs.

I have a Spammer trying to use unallocated IPs from sbcglobal.net to send through my Domain name. Yes, they are blocked through the anti-relay setup, but I want to shut them down!

Not being that familiar (yet) with iptables, reading the MAN page tells me this:

"-s, --source [!] address[/mask]
Source specification. Address can be either a hostname, a network name, or a plain
IP address. The mask can be either a network mask or a plain number, specifying the
number of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
to 255.255.255.0. A "!" argument before the address specification inverts the sense
of the address. The flag --src is a convenient alias for this option."

Now, if I wanted to drop: 67.64.156.0 - 67.64.159.255, would I then use: !NET-67-64-156-0-1?

i.e., -I INPUT -s !NET-67-64-156-0-1 -j DROP

Alternatively, I understand one can also create a: /etc/hosts.deny file. Not having created one before, I'm not sure of the syntax to use or if it would be applicable to this (denying eMail access) situation.


Share your knowledge or experience and many will benefit from this thread -- myself included. :D


ciphervendor

You should use this instead:

iptables -I INPUT -s 67.64.156.0/22 -j DROP
iptables-save
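
How the range in the question becomes the /22 in the answer, as an added example that is not part of either post: a POSIX shell sketch that splits any inclusive IPv4 range into the smallest set of CIDR blocks and prints the matching DROP rules without applying them. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: inclusive IPv4 range -> minimal CIDR list -> iptables rules.
# Rules are only printed, never executed, so they can be reviewed first.

# ip_to_int A.B.C.D -> 32-bit integer (runs in a subshell, so IFS is restored)
ip_to_int() {
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidrs FIRST LAST -> one CIDR block per line
range_to_cidrs() {
    start=$(ip_to_int "$1")
    end=$(ip_to_int "$2")
    while [ "$start" -le "$end" ]; do
        # Grow the block while it stays aligned on $start and inside the range.
        size=1
        bits=32
        while [ "$bits" -gt 0 ] \
              && [ $(( $start % ($size * 2) )) -eq 0 ] \
              && [ $(( $start + $size * 2 - 1 )) -le "$end" ]; do
            size=$(( $size * 2 ))
            bits=$(( $bits - 1 ))
        done
        echo "$(int_to_ip "$start")/$bits"
        start=$(( $start + $size ))
    done
}

# drop_rules FIRST LAST -> one iptables command per CIDR block
drop_rules() {
    range_to_cidrs "$1" "$2" | while read -r cidr; do
        echo "iptables -I INPUT -s $cidr -j DROP"
    done
}

# The range from the question: 1024 addresses aligned on a 1024 boundary.
drop_rules 67.64.156.0 67.64.159.255
```

A range that does not start on a block boundary, such as 67.64.155.0 - 67.64.159.255, needs more than one rule: a /24 followed by the /22.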