Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Need to block wan ip address that ranges from 172.XXX.XXX.80 - 100.

Posted on 2012-03-14
6
Medium Priority
?
693 Views
Last Modified: 2012-03-22
How can I block not just the range of 80 - 100, but the full WAN IP? Can I put a block in the firewall for 172.XXX.XXX.0 and that will cover that whole IP range??
0
Comment
Question by:jmahlmann
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 31

Accepted Solution

by:
farzanj earned 500 total points
ID: 37720171
Yes you can.  Which firewall are you using?  A network (Cisco PIX)? Or a Linux firewall??

Warning:  This can cause unexpected problems as it would stop all of your WAN network traffic even DNS lookups.

Allow the addresses you want --your internal address ranges and disallow the rest.

For iptables

iptables -A INPUT -s 172.0.0.0 -j ACCEPT
iptables -A INPUT -s 0/0 -j DROP

Open in new window

0
 
LVL 7

Assisted Solution

by:HaiFai
HaiFai earned 500 total points
ID: 37720246
Hi

Yes this should work 172.XXX.XXX.0/24 (that 24 is shortcut for mask 255.255.255.0)
or 172.XXX.XXX.0 if you cannot specify mask there.
0
 
LVL 4

Assisted Solution

by:schmitty007
schmitty007 earned 500 total points
ID: 37720299
Depending on what device you are using as a firewall the steps to apply this filter will be different but, you can block a range of IPs or different subnets with most firewalls by simply entering the IP range or subnet you wish to block.

Example: 172.0.0.0 /8 or 172.0.0.0 255.0.0.0 that will block all 172.x.x.x addresses but the principle applies. A good idea for you might be to download/look up a subneting app either to your phone or on the web and input the IPs you want to block and move the subnet until it best fits the range you want to block.

As poster above has stated this may cause undesirable effects in block web pages or services you don't intend to block.
Also note that 172.16.0.0 to 172.31.255.255 address range is reserved for private use and do not route over the internet. And that subnet is represented by 172.16.0.0/19 or 172.16.0.0 255.255.224.0.
0
Linux Academy Android App Now Supports Chromecast

We have some fantastic news for our Android fans. We’re so excited to announce that the Linux Academy Android app is now available with Chromecast support. That’s right – simply download the latest update of the Linux Academy App and start casting your favorite course videos!

 
LVL 62

Assisted Solution

by:gheist
gheist earned 500 total points
ID: 37724276
172.x.x.x may be a RFC1918 address thus really you might need to ask your WAN provider to block martian traffic.
0
 
LVL 25

Expert Comment

by:madunix
ID: 37730969
try to drop the network block on the interfaces of your network router
ip route x.y.z.0 255.255.255.0 Null0
0
 
LVL 62

Expert Comment

by:gheist
ID: 37731389
Normally provider has to do it, but does not hurt if you find they do not. Say mine is leaking 10.x.x.x of their service network all the time...
0

Featured Post

Tutorials alone can't teach real engineering

So we built better training tools.

-Hands-on Labs
-Instructor Mentoring
-Scenario-Based Tests
-Dedicated Cloud Servers

All at your fingertips. What are you waiting for?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question