hosts.deny vs iptables

jdow jdow at earthlink.net
Wed May 24 19:37:54 UTC 2006


From: "CodeHeads" <codeheads at gmail.com>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wed, 24 May 2006 10:34:23 -0500 Bruno Wolff III <bruno at wolff.to> wrote:
> 
>> On Wed, May 24, 2006 at 10:46:39 -0400,
>>   CodeHeads <codeheads at gmail.com> wrote:
>> > 
>> > Ed,
>> > Thank you. That's what I was looking for to verify what I have learned so far.
>> > 
>> > Question on entering IP address in IPTables, say I want to add a range to
>> > block the whole ip range of 10.0.0.0 (example of course)
>> > Can I do this:
>> > $iptables -A FORWARD -p tcp -s 10. -i eth0 -j DROP
>> > OR
>> > $iptables -A FORWARD -p tcp -s 10.* -i eth0 -j DROP
>> 
>> Either
>> $iptables -A FORWARD -p tcp -s 10.0.0.0/8 -i eth0 -j DROP
>> or
>> $iptables -A FORWARD -p tcp -s 10.0.0.0/255.0.0.0 -i eth0 -j DROP
>> will work.
> 
> Thank you Bruno.  Just wanted to verify about the wild cards.
> 
> Sorry for all the questions, IP's confuse me a bit. :) LOL
> Say if I have a range of 222.96.0.0 - 222.122.255.255
> Is there a calculator that will tell me the netmask??

There isn't one. The net mask is powers of two. It is often
easier to think of it as 222.96.0.0/11 for the nearest to the
case you cite, 222.96.0.1 to 22.127.255.254. That means
255.240.0.0 is the mask.

{^_^}
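
An added example, not part of the original thread: working out CIDR blocks for the range asked about above with Python's standard `ipaddress` module. It goes slightly beyond the question by computing both the single smallest network that covers the range and the exact list of blocks that match it with no extra addresses. The function names are assumptions made for this sketch; the rule text mirrors the `iptables` lines quoted earlier and is only built as strings, never executed.

```python
import ipaddress

def _ends(first, last):
    """Parse and order-check the two ends of a range."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("first address must not be above last address")
    return lo, hi

def covering_network(first, last):
    """Smallest single CIDR block containing the range (may cover extra addresses)."""
    lo, hi = _ends(first, last)
    # The highest bit where the two ends differ fixes the prefix length.
    prefix = 32 - (int(lo) ^ int(hi)).bit_length()
    return ipaddress.ip_network(f"{lo}/{prefix}", strict=False)

def exact_cidrs(first, last):
    """Minimal list of CIDR blocks that covers the range and nothing else."""
    lo, hi = _ends(first, last)
    return list(ipaddress.summarize_address_range(lo, hi))

def overblocked(first, last):
    """How many addresses outside the range the single covering block includes."""
    lo, hi = _ends(first, last)
    return covering_network(first, last).num_addresses - (int(hi) - int(lo) + 1)

def drop_rules(first, last, chain="FORWARD", iface="eth0"):
    """One DROP rule per exact block, in the form used in the thread."""
    return [f"iptables -A {chain} -p tcp -s {net} -i {iface} -j DROP"
            for net in exact_cidrs(first, last)]

if __name__ == "__main__":
    first, last = "222.96.0.0", "222.122.255.255"   # range from the question
    net = covering_network(first, last)
    print("covering block:", net, "netmask", net.netmask)
    print("extra addresses covered:", overblocked(first, last))
    for rule in drop_rules(first, last):
        print(rule)
```

Using the exact blocks avoids dropping traffic from addresses just past the end of the intended range, at the cost of a few more rules.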



