

(TIP) Blocking Ranges of IPs
a CIDR Tool
by @admin, August 17, 2020, 04:34pm UTC

So, let's say that you are a new Linux admin (or you just want to block hacking attacks on your desktop).

And you have just found a contiguous range of IP addresses that are hitting your server, all trying the standard bevy of hacks and attacks on your website...

...and you would just like to block the whole range.


It is sometimes a pain to remember the right CIDR netmask number to add after the starting IP address to block a range.

Fortunately, Neustar has a nice tool to help with this calculation.

Just type in the starting IP (in our example, "149.20.4.15"), followed by anything from /32 to /1, to see everything that would be blocked by your chosen range.


neustar CIDR calculator


  • /32 blocks just that IP.
  • /31 blocks 2 IPs: the starting IP and the next one.
  • /30 blocks 4 IPs.
  • /29 blocks 8, and so on to
  • /1, which blocks 256 bits of the IP, or around 2B IP addresses.

You may notice that whole 1, 2, 4, 8 doubling thing going on there. Each lower number doubles the number of IPs that would be blocked by the prior number.

/24 is commonly used, as it blocks the lower 256 IP numbers; so 149.20.4.0/24 would block the IP range 149.20.4.0 to 149.20.4.255.

Tip: You don't want to use /1, as that can be a very wide range of IPs. For example, 149.20.4.15/1 would block 2,147,483,648 IPs, or about ½ of the IPv4 internet.
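The same check can be done offline before a rule goes into the firewall. The following is an added example, not part of the original post or of the Neustar tool; it uses Python's standard `ipaddress` module to show what a prefix really covers (a block is aligned to its prefix boundary, so it can begin below the IP you typed) and how to cover an observed range without blocking its neighbours. The range 149.20.4.15 to 149.20.4.30 is constructed for illustration.

```python
import ipaddress


def covered_range(cidr):
    """Return (first, last, count) for the block a CIDR string really covers.

    strict=False accepts an address with host bits set (149.20.4.15/31)
    and resolves it to the enclosing aligned block.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses


def exact_blocks(first, last):
    """Shortest list of CIDR blocks covering first..last and nothing else."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]


def smallest_single_block(first, last):
    """Smallest single CIDR containing first..last, and how many
    addresses outside that range it would block as well."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("first address must not be above last address")
    net = ipaddress.ip_network(f"{lo}/{lo.max_prefixlen}")
    while hi not in net:
        net = net.supernet()  # widen by one prefix bit at a time
    extra = net.num_addresses - (int(hi) - int(lo) + 1)
    return str(net), extra


if __name__ == "__main__":
    # What each prefix from the list above covers for the example IP.
    for prefix in (32, 31, 30, 29, 24, 1):
        first, last, count = covered_range(f"149.20.4.15/{prefix}")
        print(f"/{prefix:<2} {first} - {last} ({count} addresses)")

    # Constructed observed range: 16 addresses that do not sit on a boundary.
    start, end = "149.20.4.15", "149.20.4.30"
    print("exact cover:", exact_blocks(start, end))
    block, extra = smallest_single_block(start, end)
    print(f"single block: {block} (also blocks {extra} other addresses)")
```

Use the exact cover when the neighbouring addresses matter, and the single block when one rule is worth the extra addresses it takes with it.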


See: https://www.ultratools.com/tools/netMask

Note: The example IP used is from Debian. Don't block Debian :)

tags: Advanced users, Tips