[Koha] [EXTERNAL] Re: Sort of OT: configuring UFW

King, Fred Fred.King at Medstar.net
Fri May 29 05:57:21 NZST 2020


Thank you! It almost does. Now I need to think about it for a bit. Or maybe for an octet. 😊

Fred King, MSLS, AHIP
Medical Librarian, MedStar Washington Hospital Center
fred.king at medstar.net
202-877-6670
ORCID 0000-0001-5266-0279
MedStar Authors Catalog: http://medstarauthors.org

I was singing the blues when I was six. Kind of sad, eh?
--Harry Dean Staunton

From: asakovich at hmcpl.org <asakovich at hmcpl.org>
Sent: Thursday, May 28, 2020 1:45 PM
To: King, Fred <Fred.King at Medstar.net>
Cc: Koha <koha at lists.katipo.co.nz>
Subject: [EXTERNAL] Re: [Koha] Sort of OT: configuring UFW

One of the easiest IP network calculators to use on the web that I’ve found is at

  http://www.subnet-calculator.com/subnet.php?net_class=B

Put in an IP address, select the right range, and play with the number of bits of masks to see what the resulting groups are that you can get. This form is JS powered, so there’s no submitting and reloading pages to recalculate — it happens as soon as you change a field value.

With masks, you’ve got to remember that the ranges you’re working with are based in binary, so multiples of 1, 2, 4, 8, 16, etc are going to work a whole lot easier than 1, 10, or 100 decimal.

For example, your first query:

192.168.x.x

is easily handled by

192.168.0.0/16.

However, things get complex when you start thinking in terms of decimal and try to map that to binary. So while it’s easy for humans to grok your next request:

192.168.22-65.*

Thinking in terms of binary, 22 = 16+4+2. Yuck.

192.168.22.0/23 = 191.168.22.1 - 191.168.23.254
192.168.24.0/21 = 191.168.24.1 - 191.168.31.254
192.168.32.0/19 = 191.168.32.1 - 191.168.63.254
192.168.64.0/23 = 191.168.64.1 - 191.168.65.254

Yes, you need all 4 of those masks to fill up the whole range. Using the aforementioned calculator, I started off with your base address (192.168.22.0) and kept shrinking the number of bits in the mask until the resulting range fell outside of your desired results (from 24 down to 23 — once I switched to 22 bits, the 192.168.22 subnet dropped to a 192.168.16 range — too far!) Go ahead and try it — put 192.168.22.0 in the IP Address field, and start reducing the number of Mask Bits from 24, to 23, and then 22, keeping an eye on the Host Address Range results.

Next, take the next range up (we ended the first range with 192.168.23, so start at 192.168.24.0) and keep shrinking the mask to increase the range of available hosts until you again go one bit too far and the resulting range falls outside your desired results.

Lather, rinse, repeat, until you have all your subnets.

Hope this makes sense!
Aaron
--
Aaron Sakovich
Internet and Technology Services Manager

Huntsville-Madison County Public Library
915 Monroe Street | Huntsville, Alabama 35801 | https://hmcpl.org/




On May 28, 2020, at 12:08, King, Fred <Fred.King at medstar.net> wrote:

My apologies for posting a question that's not exactly Koha-related, though could be. I'm hoping that someone here can explain in a way that a simple medical librarian and part-time Koha geek can understand, or point me to a source that can. Yes, I checked the man page.

What I want to do is use UFW (Uncomplicated Firewall) on Ubuntu to allow access to only permitted IP addresses. I can add one IP address without a problem:
  sudo ufw allow from 192.168.1.115 to any port 80

I think I know how to add a range consisting of anything beginning with 192.168.1.*:
  sudo ufw allow from 192.168.1.0/24 to any port 80
(Please correct me if I'm wrong.)

What I need to do is allow access from the range
  192.168.*.*
or something like this
  192.168.22-65.*
or 192.138.187-189.*

Any ideas or sources of information?

Thanks,

--Fred

Fred King, MSLS, AHIP
Medical Librarian, MedStar Washington Hospital Center
fred.king at medstar.net
202-877-6670
ORCID 0000-0001-5266-0279
MedStar Authors Catalog: http://medstarauthors.org

I was singing the blues when I was six. Kind of sad, eh?
--Harry Dean Staunton



_______________________________________________

Koha mailing list  http://koha-community.org
Koha at lists.katipo.co.nz
Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
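
The by-hand procedure in the reply above (widen the mask until the block leaves the wanted range, then start the next block) can be checked with Python's standard `ipaddress` module. This is an added example, not code from either poster; the function names are made up for illustration, and it also reports how many unwanted addresses a single wider mask would admit.

```python
import ipaddress


def cidrs_for_third_octet_range(first_two, lo, hi):
    """Smallest list of CIDR blocks covering first_two.lo.0 - first_two.hi.255."""
    if not 0 <= lo <= hi <= 255:
        raise ValueError("third-octet bounds must satisfy 0 <= lo <= hi <= 255")
    first = ipaddress.IPv4Address(f"{first_two}.{lo}.0")
    last = ipaddress.IPv4Address(f"{first_two}.{hi}.255")
    # summarize_address_range yields aligned power-of-two blocks, in order.
    return list(ipaddress.summarize_address_range(first, last))


def ufw_rules(networks, port=80):
    """One allow rule per block, in the rule form used in the thread."""
    return [f"sudo ufw allow from {net} to any port {port}" for net in networks]


def single_block_overreach(first_two, lo, hi):
    """Smallest single CIDR block holding the whole range, plus the number of
    addresses outside the wanted range that it would also let through."""
    exact = cidrs_for_third_octet_range(first_two, lo, hi)
    wanted = sum(net.num_addresses for net in exact)
    last = exact[-1].broadcast_address
    block = exact[0]
    while last not in block:
        block = block.supernet()  # drop one mask bit, doubling the block
    return block, block.num_addresses - wanted


if __name__ == "__main__":
    # The three ranges asked about in the original question.
    for first_two, lo, hi in [("192.168", 0, 255),
                              ("192.168", 22, 65),
                              ("192.138", 187, 189)]:
        print(f"# {first_two}.{lo}-{hi}.*")
        for rule in ufw_rules(cidrs_for_third_octet_range(first_two, lo, hi)):
            print(rule)
        block, extra = single_block_overreach(first_two, lo, hi)
        print(f"# one rule for {block} would admit {extra} extra addresses\n")
```
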


