What is the biggest IP range you can block in a Firewall? Print

  • IP block, firewall, IP range, server, iptables
  • 1100

When you’re talking about blocking IP ranges in a firewall (like iptables, nftables, or CSF on AlmaLinux/CentOS/RHEL), the biggest block you can apply is the entire IPv4 or IPv6 address space, depending on what you want to achieve.


IPv4

  • The largest CIDR block possible is:

     
    0.0.0.0/0

    This matches all IPv4 addresses (about 4.3 billion).

  • In practice, admins usually block in smaller chunks (e.g., /8, /16, /24) to avoid unintentionally cutting off legitimate traffic.

  • Example of blocking an entire /8 (16.7 million IPs):

     
    iptables -A INPUT -s 12.0.0.0/8 -j DROP

IPv6

  • The largest block is:

     
    ::/0

    This covers all IPv6 addresses (a mind-boggling number, ~3.4×10³⁸).

  • Similar logic applies: you can block entire subnets, like /32 or /48 depending on the target range.


Practical Guidance

  • Use specific ranges whenever possible. Blocking 0.0.0.0/0 or ::/0 is essentially shutting down your server’s networking.

  • Common large blocks:

    • /8 (huge, often too big unless you’re cutting out an entire provider or country)

    • /16 (65,536 IPs, good for ISP ranges)

    • /24 (256 IPs, typical for small networks)


???? So technically, the biggest IP range you can block is /0 (all IPs), but practically the largest useful range is usually /8 in IPv4 or /32/48 in IPv6.

Here is a simple graph showing available IPs within a network:

CIDR

Subnet Mask

Total IPs

Usable IPs

/32 255.255.255.255 1 1
/31 255.255.255.254 2 0
/30 255.255.255.252 4 2
/29 255.255.255.248 8 6
/28 255.255.255.240 16 14
/27 255.255.255.224 32 30
/26 255.255.255.192 64 62
/25 255.255.255.128 128 126
/24 255.255.255.0 256 254
/23 255.255.254.0 512 510
/22 255.255.252.0 1024 1022
/21 255.255.248.0 2048 2046
/20 255.255.240.0 4096 4094
/19 255.255.224.0 8192 8190
/18 255.255.192.0 16,384 16,382
/17 255.255.128.0 32,768 32,766
/16 255.255.0.0 65,536 65,534
/15 255.254.0.0 131,072 131,070
/14 255.252.0.0 262,144 262,142
/13 255.248.0.0 524,288 524,286
/12 255.240.0.0 1,048,576 1,048,574
/11 255.224.0.0 2,097,152 2,097,150
/10 255.192.0.0 4,194,304 4,194,302
/9 255.128.0.0 8,388,608 8,388,606
/8 255.0.0.0 16,777,216 16,777,214

Was this answer helpful?

« Back