[Snort-users] Maybe a bit OT...

John Sage jsage at ...2022...
Sat Feb 23 04:03:02 EST 2002


Craig:

I think you want /16, if you want the whole block:

Address:   4.41.0.0              00000100.00101001 .00000000.00000000
Netmask:   255.255.0.0 == 16     11111111.11111111 .00000000.00000000
=>
Network:   4.41.0.0/16           00000100.00101001 .00000000.00000000 (Class A)
Broadcast: 4.41.255.255          00000100.00101001 .11111111.11111111
HostMin:   4.41.0.1              00000100.00101001 .00000000.00000001
HostMax:   4.41.255.254          00000100.00101001 .11111111.11111110
Hosts/Net: 65534

(Cool tool tip: ipcalc @ http://jodies.cx/ipcalc.pl )

On Sat, Feb 23, 2002 at 03:50:51AM -0600, J. Craig Woods wrote:
> If I want to filter out all packets coming from any machine in the
> 4.41.x.x subnet (where x can be any value), would the correct CIDR be
> 4.41.0.0/12? I am writing an ipchains rule that does not seem to get the
> job done. The rule:
> $IPCHAINS -A input -p tcp -s 4.41.0.0/12 -d $OUTERNET 80 -j DENY

What about this is *not* working?

The netblock range, or something else?


- John
-- 
Most people don't type their own logfiles;  but, what do I care?
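Added example, not part of the original message: a Python check of the two prefixes discussed above, using the standard `ipaddress` module to show which network a rule source such as `4.41.0.0/12` resolves to compared with the intended `4.41.x.x` block. The function names are hypothetical, and masking off host bits the way a packet filter would is an assumption of this sketch.

```python
import ipaddress


def wildcard_to_cidr(pattern):
    """Turn a dotted pattern with trailing 'x' octets (e.g. '4.41.x.x') into a network."""
    octets = pattern.lower().split(".")
    if len(octets) != 4:
        raise ValueError("expected four dotted octets")
    fixed = 0
    while fixed < 4 and octets[fixed] != "x":
        fixed += 1
    if any(o != "x" for o in octets[fixed:]):
        raise ValueError("wildcards must be the trailing octets")
    addr = ".".join(octets[:fixed] + ["0"] * (4 - fixed))
    # Each fixed octet contributes 8 bits to the prefix length.
    return ipaddress.ip_network(f"{addr}/{8 * fixed}")


def audit_source(spec, intended_pattern):
    """Compare a rule's source spec (address/prefix) with the block it is meant to match."""
    intended = wildcard_to_cidr(intended_pattern)
    iface = ipaddress.ip_interface(spec)
    # Assumption: the filter ANDs the address with the netmask before matching.
    actual = iface.network
    covers = intended.subnet_of(actual)
    return {
        "intended": str(intended),
        "actual": str(actual),
        "host_bits_set": iface.ip != actual.network_address,
        "covers_intended": covers,
        "extra_addresses": actual.num_addresses - intended.num_addresses if covers else None,
        "range": (str(actual[0]), str(actual[-1])),
    }


if __name__ == "__main__":
    for spec in ("4.41.0.0/12", "4.41.0.0/16"):
        print(spec, audit_source(spec, "4.41.x.x"))
```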



