Banning Ip Range

[Bobsuch]

Hey,




I've read a lot of articles but I'm still somewhat confused.

Say if I wanted to ban 120.*.*.*'s entire range.
Would I input inside my firewall as this?

120.0.0.0/16


So it would ban all IP Addresses with 120 as the lead number?
As some articles state that you put /32 or /64 at the end of the Address

[bfarber]

You could run this code at bash to add the ban to iptables

iptables -I INPUT -m iprange --src-range 120.0.0.0-120.255.255.255 -j DROP

[Axel Wers]

Say if I wanted to ban 120.*.*.*'s entire range.

If you want to deny all your forum members with IP 120.*.*.* put to your .htaccess this:

deny from 120

[bfarber]

True, however, that means the request gets bubbled all the way up to the point where you reach a .htaccess file (which is relatively far into the request process). Banning via iptables stops the request before ever even reaching apache, preserving your resources much better. :)

[Axel Wers]

True, however, that means the request gets bubbled all the way up to the point where you reach a .htaccess file (which is relatively far into the request process). Banning via iptables stops the request before ever even reaching apache, preserving your resources much better. :)

I'll remember this :)

[Bobsuch]

You could run this code at bash to add the ban to iptables

iptables -I INPUT -m iprange --src-range 120.0.0.0-120.255.255.255 -j DROP

That would ban them from ever accessing the server? If they used a proxy, could they get past the iptables ban?

[bfarber]

Yes, it would ban them from accessing the server.

Yes, if they used a proxy and thus visited your forum from a different IP, the ban would have no effect - this is the same with any ban method however.

[Bobsuch]

Yes, it would ban them from accessing the server.

Yes, if they used a proxy and thus visited your forum from a different IP, the ban would have no effect - this is the same with any ban method however.

Understood, thanks for your help Bfarber :)