[PLUG] CIDR in ipv4 addressing questions...
Paul Heinlein
heinlein at attbi.com
Mon Apr 14 11:02:01 UTC 2003
On Mon, 14 Apr 2003, Michael Robinson wrote:
> If I use this 192.168.0.0/16 or 172.16.0.0/12 in a firewall for
> class A and class B can I use them to block all private class B and
> private class C nets?
I think the answer is 'yes.' Here's what I did back when I was using
Linux/iptables for my home firewall:
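# ------ snip -------
iptables=/sbin/iptables
if_ext=eth1    # external (Internet-facing) interface
any=0/0        # any destination
# private, loopback, link-local and other reserved source ranges
unassigned="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12"
unassigned="${unassigned} 192.0.2.0/24 192.168.0.0/16"
# drop packets arriving on the external interface from any of those ranges
for net in ${unassigned}; do
  $iptables -t nat -A PREROUTING -i $if_ext -s $net -d $any -j DROP
done
# ------ snip -------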
Is that what you're asking?
--Paul Heinlein <heinlein at attbi.com>
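
The coverage question in this thread (does 172.16.0.0/12 take in every private class B network, and 192.168.0.0/16 every private class C network) can be checked by testing boundary addresses against the same prefix list before any rules are loaded. This is an added example, not part of the original post; the function names are hypothetical and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: prefix-membership check for the block list in the post.
# Same prefixes as the post's $unassigned variable.
blocked="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12"
blocked="$blocked 192.0.2.0/24 192.168.0.0/16"

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer.
# Always called via $(...), so the IFS change stays in the subshell.
ip_to_int() {
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/LEN -> exit status 0 when ADDR lies inside NET/LEN
in_cidr() {
    c_addr=$(ip_to_int "$1")
    c_base=$(ip_to_int "${2%/*}")
    c_len=${2#*/}
    # 4294967295 is 0xFFFFFFFF; keep only the top c_len bits
    c_mask=$(( (4294967295 << (32 - c_len)) & 4294967295 ))
    [ $(( c_addr & c_mask )) -eq $(( c_base & c_mask )) ]
}

# matching_block ADDR -> prints the first listed prefix containing ADDR,
# or "none" when the rules from the post would let the source through
matching_block() {
    for prefix in $blocked; do
        if in_cidr "$1" "$prefix"; then
            echo "$prefix"
            return 0
        fi
    done
    echo none
}

# Constructed sample sources: the edges of each private range, one step
# outside each edge, and a documentation address that is not on the list.
for ip in 172.15.255.255 172.16.0.0 172.31.255.255 172.32.0.0 \
          192.168.0.0 192.168.255.255 192.169.0.0 10.200.3.4 198.51.100.7; do
    printf '%-16s %s\n' "$ip" "$(matching_block "$ip")"
done
```

The /12 matches 172.16.0.0 through 172.31.255.255 and the /16 matches 192.168.0.0 through 192.168.255.255; the addresses one step outside those edges come back as `none`.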