Thread: IPSec wildcard

  1. #1
    Barry

    IPSec wildcard

    On my dedi games servers we use IPSec to block unwelcome visitors and it works well, but only with non-dynamic IPs, and 90% of people have dynamic IPs these days. I've googled page after page about wildcard banning with IP and submask with very little results.

    I'm guessing it's like if the IP range is 12.34.***.*** and submask is 12.255.255.255 that banning 12.34.0.0 and 12.255.255.255 would work


    Any ideas?
    Someone left a note on a piece of cake in the fridge that said, "Do not eat!". I ate the cake and left a note saying, "Yuck, who the hell eats paper?"

  2. #2
    Barry
    No one?
    Someone left a note on a piece of cake in the fridge that said, "Do not eat!". I ate the cake and left a note saying, "Yuck, who the hell eats paper?"

  3. #3
    RVF500
    Just how are you using IPSec? IPSec is basically used for negotiating VPN tunnels. It encompasses phase 1 and 2 of IKE and also the security protocols and transform sets used in negotiating a secure tunnel. Not blocking access. So yeah, it would keep out unwelcome visitors because without the correct settings on a VPN client or IPSec capable device you can't access the tunnel. So only valid users can get to your server.

    Your subnet mask won't work as it's invalid. Masks are binary numbers, so 12 is not valid. In fact IP addresses are binary numbers but we use dotted decimal so we poor dumb humans can read them. And DNS servers so we don't have to remember loads of dotted decimal addresses. The mask to identify a B class of addresses (I know 12 is an A class, but the breakdown here is a B class) is 255.255.0.0 unless your device uses reverse masks (also called wildcards). If you have a specific range of addresses I'd be happy to help out with the masking. But you can get subnet calculators online. They'll do the job for you in no time.

    Are you sure you mean IPSec and not IPS? What are you using to host the security? Is it on your server or do you have a dedicated router/firewall?
    "You want loyalty? ......get a dog!"

  4. #4
    Moby-Dick
    I think you've firmly grabbed the wrong end of the stick.

    You want to add a rule to a re firewall or software filter to only allow certain IPs to connect.
    However, I'm not convinced it's the way to get things to work.

    If you wished to ban 12.34.0.0 to 12.34.255.255 then adding 12.34.0.0 with a subnet mask of 255.255.0.0 would work.

    You need to know exactly what ranges you would like to exclude or find another way to do it.
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
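
The address-plus-mask matching discussed in posts #3 and #4, as an added example that is not part of the original thread. It uses Python's standard `ipaddress` module; the function names and the second sample range (12.34.10.0 to 12.34.13.255) are constructed for illustration.

```python
import ipaddress

def is_valid_netmask(mask: str) -> bool:
    """A netmask is valid only if its 32 bits are ones followed by zeros."""
    try:
        bits = int(ipaddress.IPv4Address(mask))
    except ipaddress.AddressValueError:
        return False
    host_bits = bits ^ 0xFFFFFFFF            # e.g. 255.255.0.0 -> 0.0.255.255
    return (host_bits & (host_bits + 1)) == 0  # host part must be 2^n - 1

def range_to_filters(first: str, last: str):
    """Cover first..last with the fewest (network, netmask, wildcard) entries.

    A range that is not aligned on a power-of-two boundary cannot be
    expressed as one address/mask pair, so several entries may come back.
    """
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.netmask), str(n.hostmask))
            for n in nets]

def is_blocked(addr: str, filters) -> bool:
    """Apply the filter the way a packet filter does: (addr AND mask) == network."""
    ip = int(ipaddress.IPv4Address(addr))
    for network, netmask, _wildcard in filters:
        mask = int(ipaddress.IPv4Address(netmask))
        if ip & mask == int(ipaddress.IPv4Address(network)):
            return True
    return False

if __name__ == "__main__":
    # The mask guessed in post #1 versus the one given in posts #3 and #4.
    for mask in ("12.255.255.255", "255.255.0.0"):
        print(mask, "valid" if is_valid_netmask(mask) else "invalid")

    # The range from post #4: one entry, 12.34.0.0 / 255.255.0.0.
    whole = range_to_filters("12.34.0.0", "12.34.255.255")
    print(whole)
    print(is_blocked("12.34.200.7", whole), is_blocked("12.35.0.1", whole))

    # Constructed, non-aligned range: needs two entries, not one.
    print(range_to_filters("12.34.10.0", "12.34.13.255"))
```
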
