So, let's say that you are a new Linux admin (or you just want to block hacking attacks on your desktop).

And you just have found a contiguous range of ip addresses that are hitting your server; all trying the standard bevy of hacks and attacks on your website...

...and you would just like to block the whole range.

It is sometimes a pain to remember the right CIDR netmask numbers to add after the starting ip address to block a range.

Fortunately neustar has a nice tool to help with this calculation.

Just type in the starting ip (in our example, "149.20.4.15"), followed by anything from /32 to /1, to see what all would be blocked by your chosen range.

neustar CIDR calculator

• /32 blocks just that ip.
• /31 blocks 2 ips. The starting ip and the next one.
• /30 blocks 4 ips.
• /29 blocks 8, and so on to
• /1 which blocks 256 bits of the ip or around 2B ip addresses.

You may notice that whole 1, 2, 4, 8 doubling-thing that is going on there. Each lower number doubles the amount of ips that would be blocked by the prior number.

/24 is commonly used, as it blocks the lower 256 ip numbers; so 149.20.4.0/24 would block the ip range 149.20.4.0 to 149.20.4.255.

Tip: You don't want to use /1, as that can be a very wide range of ips. For example, 149.20.4.15/1 would block 2,147,483,648 ips, or about ½ of the IPv4 internet.

See: https://www.ultratools.com/tools/netMask

Note: The example IP used is from Debian. Don't block Debian :)