 |
范围封禁只应该是临时的,并只能用于紧急状态。 如果封禁时长需要长于2周,那么应该联系Gamepedia员工。 |
- 有关于IPv6的范围封禁,请见/IPv6。
范围封禁是一种技术限制,实行方式为阻止某组IP地址编辑、注册账号、通过Wiki界面发送邮件等。如果你勾选“阻止登录用户使用该IP地址编辑”的选框,连接自已封禁范围的已注册账号的编辑也会被阻止。即使是勾选了“新建或修改全域封禁”选项,范围封禁也只能在本地生效,。
要在特殊:封禁中封禁IP范围,先输入首个IP地址,后跟随一个正斜杠和无类别域间路由(CIDR)后缀。除非你充分了解自己的操作,否则应该避免范围封禁,不然可能会误封几万甚至几百万无辜用户!
本条目主要讨论IPv4;IPv6的封禁原理类似,但是有细微差别,请见/IPv6。
通俗说明
封禁IP范围
IP地址可以分为多个号码区段。例如148.20.57.0到148.20.57.255。末位达到255后下一个号码会是148.20.58.0。
IP地址的拆分方式可以有大有小。实际的最小单位是4。可以是如下之一:
148.20.57.0 - 148.20.57.3;148.20.57.4 - 148.20.57.7;148.20.57.8 - 148.20.57.11等
每块4号码的区段,只有两个可以映射到一台计算机。任何区段的首个和末个号码都会被保留用于网络通信。任何等级30的区段都可以如下表记:
148.20.57.0/30;148.20.57.4/30;148.20.57.8/30等
次小的区段是8。如下所示:
148.20.57.0 - 148.20.57.7;148.20.57.8 - 148.20.57.15;148.20.57.16 - 148.20.57.23等
每块8号码的区段,只有6个可以映射到一台计算机。类似地,任何区段的首个和末个号码都会被保留用于网络通信。表记方式如下:
148.20.57.0/29;148.20.57.8/29;148.20.57.16/29等
此后开始,每块区段的IP地址数量逐次翻倍:16、32、64、128、256,以此类推。
- 16个地址的区段:
148.20.57.0/28。 - 32个地址的区段:
148.20.57.0/27。 - 64个地址的区段:
148.20.57.0/26。 - 128个地址的区段:
148.20.57.0/25。 - 256个地址的区段:
148.20.57.0/24。
现在,如果你有一个IP地址并想要封禁一个分配区块,你是否已经清楚如何使用?
假设,你发现148.20.57.34有可疑操作。你可以在http://arin.net/whois/?queryinput=148.20.57.34查询该地址的拥有者。
再假设,现已查询到该地址已经被分配给战略忽悠局,并隶属于/17的区块。我们肯定犯不着封禁整个分配给战忽局的区块!封禁的首要原则是越少越好。请仅在大量IP引起同一麻烦时使用范围封禁。
下为一个实用的工具:
http://www.csgnetwork.com/ipinfocalc.html。
Go to this site and enter 148.20.57.34 into the first set of blanks. Now select Network Prefix Length and enter 27 (this will give a block of 32 addresses) and click Calculate Network Information. This will show us a block of 32 IP addresses that include 148.20.57.34. (The first - network - and the last - broadcast - addresses will be displayed along with the usable addresses in the range.) You can use this tool to test ranges to be sure they are what you want before entering the information to initiate the block.
技术说明
CIDR notation is written as the IP address, a slash, and the CIDR suffix (for example, the IPv4 "10.2.3.41/24" or IPv6 "a3:bc00::/24"). The CIDR suffix is the number of starting digits every IP address in the range have in common when written in binary.
For example: "10.10.1.32" is binary "00001010.00001010.00000001.00100000", so 10.10.1.32/27 will match the first 27 digits ("00001010.00001010.00000001.00100000"). The IP addresses 10.10.1.32–10.10.1.63, when converted to binary, all have the same 27 first digits and will be blocked if 10.10.1.32/27 is blocked.
As the CIDR suffix increases, the block affects fewer IP addresses (see table of sample ranges). CIDR suffixes are not the same for IPv4 addresses as they are for IPv6 addresses; the same CIDR suffix in IPv4 blocks 296=79,228,162,514,264,337,593,543,950,336 times as many addresses in IPv6.
计算CIDR后缀
You can use the table of sample ranges below to guess the range, use a computer script, or manually calculate the range.
转换到二进制
The first step in manually calculating a range is to convert the first and last IP address to binary representation. (This assumes you're not using a computer script, which can probably calculate the range for you anyway.) An IP address is composed of four groups of eight ones and zeros. Each group represents a number from 0 to 255. To convert a number to binary, you can use a reference table or know the value of each binary digit:
Binary digit: 1 1 1 1 1 1 1 1Value: 128 64 32 16 8 4 2 1
Proceeding from left to right, fill in 1 if the number is at least that value, and subtract that value (if it's not, fill in 0 and don't subtract). For example, to calculate 240:
- 240 is at least 128, so place
1and subtract 128. - 112 (240-128) is at least 64, so place
1and subtract 64. - 48 (112-64) is at least 32, so place
1and subtract 32. - 16 (48-32) is at least 16, so place
1and subtract 16. - Since the remaining value is zero, all the remaining places are
0.
Thus, 240 is 1111 0000 because it can be represented as 128+64+32+16+0+0+0+0.
计算范围
- Place both IP addresses one atop the other, and count how many starting digits are exactly alike. This is the CIDR suffix.
- Double-check! Being off by one digit could extend your block by thousands of addresses.
The example below calculates the CIDR range between 69.208.0.0 and 69.208.0.255. Note that this is a simple example; some groups of IP addresses do not so neatly fit CIDR suffixes, and need multiple different-sized blocks to block the exact range.
- IP addresses:
69.208.0.069.208.0.255
- Convert to binary:
0100 0101.1101 0000.0000 0000.0000 00000100 0101.1101 0000.0000 0000.1111 1111
- Count identical first numbers:
0100 0101.1101 0000.0000 0000.0000 00000100 0101.1101 0000.0000 0000.1111 1111|____________________________|24 digits
- CIDR range:
69.208.0.0/24
示例范围表
The table below shows the IPv4 blocks each CIDR suffix affects. Note that MediaWiki only supports blocking CIDR suffixes 16–32 in IPv4 and 64–128 in IPv6 by default (subject to $wgBlockCIDRLimit). See /IPv6 for an IPv6 range table.
| CIDR | Start Range | End Range | Total addresses | Bits selected in IP address |
|---|---|---|---|---|
69.208.0.0/0
|
0.0.0.0
|
255.255.255.255
|
4,294,967,296 | ********.********.********.********
|
69.208.0.0/1
|
0.0.0.0
|
127.255.255.255
|
2,147,483,648 | 0*******.********.********.********
|
69.208.0.0/4
|
64.0.0.0
|
79.255.255.255
|
268,435,456 | 0100****.********.********.********
|
69.208.0.0/8
|
69.0.0.0
|
69.255.255.255
|
16,777,216 | 01000101.********.********.********
|
69.208.0.0/11
|
69.192.0.0
|
69.223.255.255
|
2,097,152 | 01000101.110*****.********.********
|
69.208.0.0/12
|
69.208.0.0
|
69.223.255.255
|
1,048,576 | 01000101.1101****.********.********
|
69.208.0.0/13
|
69.208.0.0
|
69.215.255.255
|
524,288 | 01000101.11010***.********.********
|
69.208.0.0/14
|
69.208.0.0
|
69.211.255.255
|
262,144 | 01000101.110100**.********.********
|
69.208.0.0/15
|
69.208.0.0
|
69.209.255.255
|
131,072 | 01000101.1101000*.********.********
|
69.208.0.0/16
|
69.208.0.0
|
69.208.255.255
|
65,536 | 01000101.11010000.********.********
|
69.208.0.0/17
|
69.208.0.0
|
69.208.127.255
|
32,768 | 01000101.11010000.0*******.********
|
69.208.0.0/18
|
69.208.0.0
|
69.208.63.255
|
16,384 | 01000101.11010000.00******.********
|
69.208.0.0/19
|
69.208.0.0
|
69.208.31.255
|
8,192 | 01000101.11010000.000*****.********
|
69.208.0.0/20
|
69.208.0.0
|
69.208.15.255
|
4,096 | 01000101.11010000.0000****.********
|
69.208.0.0/21
|
69.208.0.0
|
69.208.7.255
|
2,048 | 01000101.11010000.00000***.********
|
69.208.0.0/22
|
69.208.0.0
|
69.208.3.255
|
1,024 | 01000101.11010000.000000**.********
|
69.208.0.0/23
|
69.208.0.0
|
69.208.1.255
|
512 | 01000101.11010000.0000000*.********
|
69.208.0.0/24
|
69.208.0.0
|
69.208.0.255
|
256 | 01000101.11010000.00000000.********
|
69.208.0.0/25
|
69.208.0.0
|
69.208.0.127
|
128 | 01000101.11010000.00000000.0*******
|
69.208.0.0/26
|
69.208.0.0
|
69.208.0.63
|
64 | 01000101.11010000.00000000.00******
|
69.208.0.0/27
|
69.208.0.0
|
69.208.0.31
|
32 | 01000101.11010000.00000000.000*****
|
69.208.0.0/28
|
69.208.0.0
|
69.208.0.15
|
16 | 01000101.11010000.00000000.0000****
|
69.208.0.0/29
|
69.208.0.0
|
69.208.0.7
|
8 | 01000101.11010000.00000000.00000***
|
69.208.0.0/30
|
69.208.0.0
|
69.208.0.3
|
4 | 01000101.11010000.00000000.000000**
|
69.208.0.0/31
|
69.208.0.0
|
69.208.0.1
|
2 | 01000101.11010000.00000000.0000000*
|
69.208.0.0/32
|
69.208.0.0
|
69.208.0.0
|
1 | 01000101.11010000.00000000.00000000
|
默认限制
The default MediaWiki installation limits range blocks to no larger than /16 IPv4 rangeblocks (65,536 addresses). To block larger ranges $wgBlockCIDRLimit needs to be set accordingly in LocalSettings.php.
参考
外部链接
- IP Address Ranges Block gives you complete IP ranges for certain countries.
- Netmask calculator which helps in making the correct decision for range blocks.
- IP CIDR Calculator