IP tables question


lordmiki
06-18-2002, 04:36 PM
If you use --source 10.0.0.0/24 -j REJECT, will that block all IPs from 10.0.0.0 to 10.0.0.255 respectively?

What would be the correct expression to block wider IP ranges... i.e. 10.0.*

Something like this perhaps ...
10.0.0.0\255.255.0.0 ?

[ 18 June 2002: Message edited by: lordmiki ]


mychl
06-18-2002, 05:03 PM
I'm not sure, but maybe it's possible for you to block ALL incoming packets.

Then you can specifically allow certain IPs if needed.

lordmiki
06-18-2002, 05:11 PM
I could :) But it would take much more time than to just block specific ip ranges.

What you suggest is "ignore everything" then allow specific IPs. But if I want to allow hundreds of IPs I would have a lot of typing to do.

nuisance
06-18-2002, 05:27 PM
Originally posted by mirza:
<STRONG>If you use --source 10.0.0.0/24 -j REJECT, will that block all IPs from 10.0.0.0 to 10.0.0.255 respectively?</STRONG>

Yes.

<STRONG>What would be the correct expression to block wider IP ranges... i.e. 10.0.*

Something like this perhaps ...
10.0.0.0\255.255.0.0 ?
</STRONG>

10.0.0.0/255.255.0.0 or 10.0.0.0/16

Yes.

This (http://people.unix-fu.org/andreasson/iptables-tutorial/iptables-tutorial.html) might be helpful.

[ 18 June 2002: Message edited by: nuisance ]
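
Added example, not part of any post in this thread: a Python check, using the standard-library `ipaddress` module, of which addresses the `--source` values discussed above cover, and of the REJECT rules they reduce to. The function names and the `INPUT` chain are assumptions made for the illustration.

```python
import ipaddress


def parse_source(spec):
    """Normalise a --source value given as CIDR (/16) or address/netmask."""
    # strict=False: accept a value with host bits set and mask them off,
    # so 10.0.0.7/24 is treated as the network 10.0.0.0/24.
    return ipaddress.ip_network(spec, strict=False)


def describe(spec):
    """Return (canonical CIDR, first address, last address, address count)."""
    net = parse_source(spec)
    return str(net), str(net[0]), str(net[-1]), net.num_addresses


def blocked(addr, specs):
    """True if addr falls inside any of the given source ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in parse_source(s) for s in specs)


def reject_rules(specs, chain="INPUT"):
    """Build one REJECT rule per range, merging ranges that overlap."""
    nets = ipaddress.collapse_addresses(parse_source(s) for s in specs)
    return [f"iptables -A {chain} --source {n} -j REJECT" for n in nets]


if __name__ == "__main__":
    # The three notations from the thread.
    for spec in ("10.0.0.0/24", "10.0.0.0/255.255.0.0", "10.0.0.0/16"):
        print(spec, "->", describe(spec))

    # 10.0.1.5 is outside the /24 but inside the /16.
    print(blocked("10.0.1.5", ["10.0.0.0/24"]))
    print(blocked("10.0.1.5", ["10.0.0.0/16"]))

    # A /24 already covered by the /16 does not need its own rule.
    for rule in reject_rules(["10.0.0.0/24", "10.0.0.0/16"]):
        print(rule)

    # The backslash form from the question is not a valid network.
    try:
        parse_source("10.0.0.0\\255.255.0.0")
    except ValueError as err:
        print("rejected:", err)
```
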

Lorithar
06-20-2002, 11:43 PM
iptables -P {tablename} DROP

sets the policy of a table to deny by default. After that you can then enable things with -j ACCEPT