24.0.0.0/8 = 24.0.0.0 to 24.255.255.255 or 16,777,216 unique IPs (including network and broadcast)
24.0.0.0/24 = 24.0.0.0 to 24.0.0.255 or 256 unique IPs (including network and broadcast)

Make sure you put the limited accept rule before the blanket deny rule because the first match wins.

>>> mjn at umn.edu 04/17/01 10:34AM >>>
We have ipchains firewalling on a RedHat 6.1 box here at work and we are having some problem with people running mail servers on the cable-modem dominated sections of the network (24.0.0.0). Here is the rule we have for that:

    IPCHAINS="/sbin/ipchains"
    LOCALNET="IP/NETMASK"
    $IPCHAINS -A input -l -s 24.0.0.0/8 -d $LOCALNET -j DENY

Now, what I'd like to do is just allow access to port 25 for the whole subnet to eliminate my having to throw specific IPs in and restart the firewall. It's likely just a problem with my understanding of TCP/IP (or, more likely, ipchains), but here is what I have tried which didn't seem to work:

    $IPCHAINS -A input -p tcp -s 24.0.0.0/24 -d $LOCALNET 25 -j ACCEPT

I also tried it without the port number. My big problem is not understanding what the mask "/24" is doing in this case (and many others)...

Suggestions? Does anyone have a better philosophy regarding cable-modem users? Should I be punting all of their packets into oblivion? It feels good, but it's starting to become more of a staple and thus we may run into problems eventually...

Thanks.

____________________________
Mike Neuharth
ADCS Technology Specialist
http://www.umn.edu/adcs
E-Mail : mjn at umn.edu
Page Mail : 6126486512 at page.metrocall.com
http://supermonkeycollider.dyndns.org/
____________________________

_______________________________________________
tclug-list mailing list
tclug-list at mn-linux.org
https://mailman.mn-linux.org/mailman/listinfo/tclug-list
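The two points in the reply above (what /8 versus /24 covers, and why the ACCEPT rule has to come before the DENY in an ipchains chain) can be checked offline. This is an added example, not code from the thread: it uses Python's standard ipaddress module and a constructed rule list modelled on the two ipchains lines quoted above; the rule tuple format and first_match() are assumptions for illustration, not ipchains itself.

```python
import ipaddress

def cidr_summary(cidr):
    """Return (first address, last address, address count) for a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses

# Constructed rules modelled on the two ipchains lines in the thread:
# (protocol or None for any, source CIDR, destination port or None, target).
# Order matters: ipchains evaluates a chain top to bottom and the first
# rule that matches decides the packet's fate.
RULES = [
    ("tcp", "24.0.0.0/8", 25,   "ACCEPT"),  # limited accept: only SMTP
    (None,  "24.0.0.0/8", None, "DENY"),    # blanket deny for the rest
]

def first_match(rules, src_ip, proto, dport):
    """Walk the chain in order; return the target of the first matching
    rule, or None if nothing matched (ipchains would then fall back to
    the chain's default policy)."""
    src = ipaddress.ip_address(src_ip)
    for rule_proto, rule_src, rule_port, target in rules:
        if rule_proto is not None and rule_proto != proto:
            continue
        if src not in ipaddress.ip_network(rule_src, strict=False):
            continue
        if rule_port is not None and rule_port != dport:
            continue
        return target
    return None

if __name__ == "__main__":
    print(cidr_summary("24.0.0.0/8"))    # /8 covers the whole cable block
    print(cidr_summary("24.0.0.0/24"))   # /24 covers only 24.0.0.x
    # A cable-modem host sending SMTP: accepted; anything else: denied.
    print(first_match(RULES, "24.17.3.9", "tcp", 25))
    print(first_match(RULES, "24.17.3.9", "tcp", 80))
    # Same rules with DENY first: the ACCEPT is never reached.
    print(first_match(list(reversed(RULES)), "24.17.3.9", "tcp", 25))
```

Swapping the /8 in the ACCEPT rule for the /24 from the original attempt makes only hosts 24.0.0.0 through 24.0.0.255 match, which is why the rest of the cable block still hit the DENY.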