Linux iptables mask specifies IP and IP segment

Iptables Shielded IP

The code is as follows	Copy Code
Iptables-i input-s 202.77.176.106-j DROP

An entire paragraph, the order from 192.0.0.1 to 192.255.255.254.

The code is as follows	Copy Code
Iptables-i input-s 192.0.0.0/8-j DROP

Prohibit IP paragraph when to see the amount of clearance, do not bar their own IP added to the amount of OH

Block a country IP segment

Now that you have all the IP addresses of the country, it's easy to block these IPs by writing a script to read Cn.zone files line-by-row and add them to the iptables:

The code is as follows

Copy Code

#!/bin/bash # block traffic from a specific country # Written by Www.111cn.net COUNTRY = "cn" IPTABLES =/sbin/iptables Egrep =/bin/egrep If ["$ (id-u)"!= "0"]; Then echo "You must be root" 1>&2 Exit 1 Fi Resetrules () { $IPTABLES-F $IPTABLES-T Nat-f $IPTABLES-T Mangle-f $IPTABLES-X } Resetrules For C in $COUNTRY Todo Country_file = $c. Zone IPS = $ ($EGREP-V "^#|^$" $country _file) For IP in $IPS Todo echo "Blocking $ip" $IPTABLES-A input-s $ip-j DROP Done Done Exit 0