ok, I got most of the basics down. when i want to deny an ip or all of an ip block (last numbers only) I can do: iptables -A INPUT -s xxx.yyy.zzz.0/24 -j DROP and it takes care of the entire ip block. However, I want to block entire ranges hwere I have XX.YY.0.0 between xx.yy.0.0 and xx.yy.255.255. whats the netmask notation for this? also, whats the notation if I want to block a partial range on the last digets (llike xxx.yyy.zzz.aaa-bbb where aaa= low end and bbb= high end)? some thinsg are just not explained in the iptables howto here are the addresses I really wish to block: 65.218.172.208-223 63.99.64.64-127 65.192.* 65.118.41.192-223 63.148.99.224-255 63.64.* 209.244.* I have been seeing a lot of strange activity from these ranges of late and have discovered that they belong to: 1. RIAA 2. cyveillance 3. warner music 4 BayTSP 5. IRMA most of the "strange activities" have been related to attempted breakins (hacking/cracking), DoS, and other such nonsense. given stories of late in /. and a few of the more mainstream news sources, it looks like the RIAA and associates are looking for people who are sharing or running servers (I will admit to neither at this time) and they aren't caring if they are violating current laws or not in their pursuit of "revenue stream protection" if someone would be so kind as to help me figure out the netmask notations on the above, I would greatly appreciate it. Thanks Technomage -- I will not be pushed, filed, stamped, indexed, briefed, debriefed, or numbered! My life is my own - No. 6