great rc.firewall of China

Just about every night now, PortSentry informs me that someone from some IP in China and/or India is attempting to fondle my system, for example:

Code:
**Unmached entries**
3 Time(s): attackalert: Connect from host:
      61.174.142.124/61.174.142.124 to TCP port: 1
6 Time(s): attackalert:  Connect from host: 
     61.54.16.6/61.54.16.6 to TCP port: 111
8 Time(s): attackalert: Connect from host:
     61.11.56.12/61.11.56.12 to TCP port: 111
Not to mention several other 'IN_TCP DROP' instances from similar IPs.

So let's say I want to block ALL traffic from 61.174.0.0 - 61.174.7.255 (Zhejiang Telecom)? I know I can modify /etc/hosts.deny with the entry ALL:61.174. but I don't even want a ping from these guys.

So here is the killer question, is the correct IPTables syntax:
Code:
/sbin/iptables -I INPUT -s 61.174.0.0/255.0.0.0 -j DROP
or is it:
Code:
/sbin/iptables -I INPUT -s 61.174.0.0/8 -j DROP
Inquiring minds want to know. I'd also like to know if there is some form of a blackhole list hosts.deny and/or rc.firewall I can peruse ... you know, so I can lie to myself about being proactive about security.
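Added example, not part of the original post: a POSIX shell sketch that converts an address range into the CIDR blocks `iptables -s` expects and shows what a given prefix actually covers. A dotted mask of 255.0.0.0 and a prefix of /8 denote the same mask. The function names are hypothetical, and the script only prints rules, it never runs iptables.

```shell
#!/bin/sh
# Added example: range-to-CIDR helper for building iptables source matches.
# All function names are illustrative; nothing here touches the firewall.

ip2int() {  # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {  # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the minimal list of CIDR blocks covering start..end inclusive.
range2cidr() {
    start=$(ip2int "$1"); end=$(ip2int "$2")
    while [ "$start" -le "$end" ]; do
        size=1; bits=32
        # Grow the block while it stays aligned on start and inside the range.
        while [ "$bits" -gt 0 ] \
              && [ $(( start % (size * 2) )) -eq 0 ] \
              && [ $(( start + size * 2 - 1 )) -le "$end" ]; do
            size=$(( size * 2 )); bits=$(( bits - 1 ))
        done
        echo "$(int2ip "$start")/$bits"
        start=$(( start + size ))
    done
}

# Show the first and last address matched by network/prefix.
cidr_span() {
    net=${1%/*}; bits=${1#*/}
    size=$(( 1 << (32 - bits) ))
    first=$(( $(ip2int "$net") / size * size ))
    echo "$(int2ip "$first") - $(int2ip $(( first + size - 1 )))"
}

# Print (do not execute) one DROP rule per CIDR block in the range.
block_rules() {
    range2cidr "$1" "$2" | while read -r cidr; do
        echo "/sbin/iptables -I INPUT -s $cidr -j DROP"
    done
}

cidr_span 61.174.0.0/8                 # what a /8 (255.0.0.0) match covers
block_rules 61.174.0.0 61.174.7.255    # rule for the range named in the post
```

Reviewing the printed span before inserting a rule shows whether the prefix matches only the intended range or a much larger block.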