1

I have a list of ranges for IP addresses that I want to block; the ranges are like 210.80.32.0 to 210.80.63.255.

How can I dynamically determine the right 210.80.32.0/NUMBER to capture the full range?

sudo ufw deny 210.80.32.0/???

I am reading these IP ranges in once a month from text files to add to my firewall rules. I tear the firewall down once a month and rebuild it to capture any changes in these ranges. Currently I am just doing lowerrange/20 in the rule.

So I need to get the two network values by splitting the string on . and then do the math to determine how many there are, and add a rule for each network?

JoGotta
  • 13

1 Answer

1

You are using CIDR notation here. You may want to read more about CIDR notation and subnet masks.

In your example, you could break out the two networks into:

  1. 210.80.32.0/24
  2. 210.80.33.0/24

This translates to:

  • 255.255.255.0

or:

  1. 210.80.32.0-254
  2. 210.80.33.0-254

You should now be able to perform:

sudo ufw deny from 210.80.32.0/24 && sudo ufw deny from 210.80.33.0/24

Other examples


You could block 210.80.0.0/16, which would block 210.80.0-254.0.254, but this will block IPs in ranges not specified in the original post.

earthmeLon
  • 11,658
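One way to derive the prefix lengths automatically when rebuilding the rules each month, as an added example that is not part of the question or the answer above: Python's standard `ipaddress` module collapses a start/end pair into the smallest set of CIDR blocks that covers exactly that range. The input format (one `start to end` or `start-end` pair per line, `#` comments), the sample lines other than the question's range, and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample of the monthly range file; only the first range is from the question.
SAMPLE = """\
210.80.32.0 to 210.80.63.255
198.51.100.5 - 198.51.100.20
# a comment line
203.0.113.0-203.0.113.255
10.0.0.300 to 10.0.0.5
"""


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR blocks covering first..last inclusive.

    Raises ValueError for a bad address or when first is greater than last,
    so a malformed line never turns into a wider block than intended.
    """
    lo = ipaddress.ip_address(first)
    hi = ipaddress.ip_address(last)
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def ufw_rules(text):
    """Turn range lines into 'ufw deny from <cidr>' commands.

    Returns (rules, rejected); rejected holds (line number, raw line, reason)
    for every line that could not be parsed, so it can be reviewed by hand.
    """
    rules, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*(?:-|\bto\b)\s*", line)
        try:
            if len(parts) != 2:
                raise ValueError("expected 'start to end'")
            cidrs = range_to_cidrs(*parts)
        except (ValueError, TypeError) as exc:
            rejected.append((lineno, raw, str(exc)))
            continue
        rules.extend(f"ufw deny from {cidr}" for cidr in cidrs)
    return rules, rejected


if __name__ == "__main__":
    rules, rejected = ufw_rules(SAMPLE)
    print("\n".join(rules))
    for lineno, raw, reason in rejected:
        print(f"# skipped line {lineno}: {raw!r} ({reason})")
```

A range that is not aligned on a power-of-two boundary produces several blocks, which is why a fixed `/20` on the lower address can block too little or too much.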