帮助:Range blocks

From MediaWiki.org
Jump to: navigation, search
This page is a translated version of the page Help:Range blocks and the translation is 71% complete.

Other languages:
English • ‎español • ‎français • ‎Bahasa Indonesia • ‎italiano • ‎日本語 • ‎한국어 • ‎polski • ‎português • ‎português do Brasil • ‎русский • ‎中文
PD 注意:当您编辑本页面时,即代表同意以CC0协议授权您的贡献。您可以在公有领域帮助文档找到更多信息。
PD
See /IPv6 for information on IPv6 range blocks.

Range blocks are technical restrictions applied through Special:Block to a group of IP addresses that prevent them from editing, creating new accounts, sending email through the wiki interface, etc. If you check the box "阻止登录用户使用该IP地址编辑", edits from registered accounts will also be disabled while they are connecting from the blocked range.

Range blocking is enabled and used on all Wikimedia wikis; if it is not enabled on your wiki, add "$wgSysopRangeBansManual:$wgSysopRangeBans = true;" in LocalSettings.phpManual:LocalSettings.php (permanently enabled in MediaWiki 1.18.0 and later).

To block an IP range from Special:Block, enter the first IP address in the range followed by a forward slash and a Classless inter-domain routing (CIDR) suffix. You should avoid performing range blocks unless you understand what you are doing, or you may end up blocking tens of thousands or even millions of people who are not the problem!

This article mainly discusses IPv4; IPv6 blocks work similarly, but have different implications - see /IPv6.

非技术说明[edit]

IP地址被拆分成数的块。 例如148.20.57.0148.20.57.255。 一旦其达到255那么下一数是148.20.58.0

IP地址可以被拆分成更小或更大的块。 最小的作为可用块的数字是4. 他可以是以下之一:

148.20.57.0 - 148.20.57.3,
148.20.57.4 - 148.20.57.7,
148.20.57.8 - 148.20.57.11, ...

每一个块中的4个数,只有两个能被分配到计算机 任何一个块的第一个数和最后一个数都被网络通信所保留。 These are level 30 blocks and can be expressed like this:

148.20.57.0/30,
148.20.57.4/30,
148.20.57.8/30, ...

下一个大点的是8。 他们可以如下:

148.20.57.0 - 148.20.57.7,
148.20.57.8 - 148.20.57.15,
148.20.57.16 - 148.20.57.23, ...

在这个块中的8个数中只有6个能被分配到计算机,同样一个块的第一个和最后一个数被网络通信的特殊用途所保留。 它们同样可以像下面这些:

148.20.57.0/29,
148.20.57.8/29,
148.20.57.16/29, ...

基于这一点,在一个块里的IP地址的数量持续翻倍:16,32,64,128,256等。

A block of 16 would start 148.20.57.0/28.
A block of 32 would start 148.20.57.0/27.
A block of 64 would start 148.20.57.0/26.
A block of 128 would start 148.20.57.0/25.
A block of 256 would start 148.20.57.0/24.

所以如果你有一个IP地址,你想屏蔽一个以分配的区域那么如何知道哪一个被用了? 假如148.20.57.34出现了问题. 你可以在http://arin.net/whois/?queryinput=148.20.57.34查找谁用的这个IP。 这些话告诉我们IP已经被分配了,同时/17这个范围中的大量其他的IP给了美国国防部。 我们当然不希望屏蔽国防部大量的块! 黄金法则就时块越小越好。 只屏蔽这群有问题的IP范围。

这是一个十分有用的计算器:

http://www.csgnetwork.com/ipinfocalc.html

进入这个网页并输入 148.20.57.34 块的起始位. Now select Network Prefix Length and enter 27 (this will give a block of 32 addresses) and click Calculate Network Information. This will show us a block of 32 IP addresses that include 148.20.57.34. (The first - network - and the last - broadcast - addresses will be displayed along with the usable addresses in the range.) You can use this tool to test ranges to be sure they are what you want before entering the information to initiate the block.

技术解释[edit]

无类别域间路由(CIDR)标记法被记成IP/CIDR后缀(例如Pv4 "10.2.3.41/24"或者IPv6 "a3:bc00::/24")。 CIDR后缀是在这个范围内的每一个IP地址以二进制表示时高位数起具有相同数的位的个数

例如: "10.10.1.32" 二进制是00001010.00001010.00000001.00100000,所以 10.10.1.32/27将匹配高位起27个数("00001010.00001010.00000001.00100000")。 IP地址 10.10.1.3210.10.1.63当转换成二进制,所有地址都有相同的27位高位数。如果被屏蔽那么它们都被屏蔽。

如果CIDR后缀增加,块中的IP数会减少(见 table of sample ranges). 相同CIDR后缀的IPv6中的地址数和IPv4中的不同。IPv6的地址数2^{96}=79,228,162,514,264,337,593,543,950,336倍于IPv4。

计算CIDR后缀[edit]

你可以用table of sample ranges以估算范围,用脚本或手动计算这个范围。

二进制转换[edit]

第一步手动计算一个范围的首IP和尾IP以二进制表示出来。 (这假定你没使用脚本,总之可以大概计算范围。) 一个IP地址有4组8位二进制数组成。 每一组代表一个从0到255中的数字 转换一个数到二进制,你可以查表或者知道每一个二进制数所代表的值。

二进制位:   1   1   1   1   1   1   1   1
Value: 128  64  32  16   8   4   2   1

如果这个数大于等于相应值填1并减掉这个值,(如果不是填0并不要减)从左到右依次进行。 例如,为了计算240:

  1. 240大于等于128,所以填1并减128。
  2. 112 (240-128) 大于等于64,所以填1并减64。
  3. 48 (112-64)大于等于32,所以填1并减32。
  4. 16 (48-32) 大于等于16,所以填1并减16。
  5. 因为剩下的值是0,所以所有剩下的位子是0

因此, 240 表示为 1111 0000。因为其可以被表示为 128+64+32+16+0+0+0+0。

计算IP段[edit]

  1. Place both IP addresses one atop the other, and count how many starting digits are exactly alike. 这是CIDR后缀
  2. 再次检查 Being off by one digit could extend your block by thousands of addresses.

The example below calculates the CIDR range between 69.208.0.0 and 69.208.0.255. Note that this is a simple example; some groups of IP addresses do not so neatly fit CIDR suffixes, and need multiple different-sized blocks to block the exact range.

IP位址:
  69.208.0.0
  69.208.0.255
转换为二进制:
  0100 0101.1101 0000.0000 0000.0000 0000
  0100 0101.1101 0000.0000 0000.1111 1111
Count identical first numbers:
  0100 0101.1101 0000.0000 0000.0000 0000
  0100 0101.1101 0000.0000 0000.1111 1111
  |____________________________|
            24位
CIDR 段:
  69.208.0.0/24

Table of sample ranges[edit]

The table below shows the IPv4 blocks each CIDR suffix affects. Note that MediaWiki only supports blocking CIDR suffixes 16 - 32 in IPv4 and 19 (formerly 64) - 128 in IPv6 by default (subject to $wgBlockCIDRLimitManual:$wgBlockCIDRLimit). See /IPv6 for an IPv6 range table.

CIDR IP段起点 IP段终点 总IP地址数量 在IP地址中选定的二进制位
69.208.0.0/0 0.0.0.0 255.255.255.255 4,294,967,296 ********.********.********.********
69.208.0.0/1 0.0.0.0 127.255.255.255 2,147,483,648 0*******.********.********.********
69.208.0.0/4 64.0.0.0 79.255.255.255 268,435,456 0100****.********.********.********
69.208.0.0/8 69.0.0.0 69.255.255.255 16,777,216 01000101.********.********.********
69.208.0.0/11 69.192.0.0 69.223.255.255 2,097,152 01000101.110*****.********.********
69.208.0.0/12 69.208.0.0 69.223.255.255 1,048,576 01000101.1101****.********.********
69.208.0.0/13 69.208.0.0 69.215.255.255 524,288 01000101.11010***.********.********
69.208.0.0/14 69.208.0.0 69.211.255.255 262,144 01000101.110100**.********.********
69.208.0.0/15 69.208.0.0 69.209.255.255 131,072 01000101.1101000*.********.********
69.208.0.0/16 69.208.0.0 69.208.255.255 65,536 01000101.11010000.********.********
69.208.0.0/17 69.208.0.0 69.208.127.255 32,768 01000101.11010000.0*******.********
69.208.0.0/18 69.208.0.0 69.208.63.255 16,384 01000101.11010000.00******.********
69.208.0.0/19 69.208.0.0 69.208.31.255 8,192 01000101.11010000.000*****.********
69.208.0.0/20 69.208.0.0 69.208.15.255 4,096 01000101.11010000.0000****.********
69.208.0.0/21 69.208.0.0 69.208.7.255 2,048 01000101.11010000.00000***.********
69.208.0.0/22 69.208.0.0 69.208.3.255 1,024 01000101.11010000.000000**.********
69.208.0.0/23 69.208.0.0 69.208.1.255 512 01000101.11010000.0000000*.********
69.208.0.0/24 69.208.0.0 69.208.0.255 256 01000101.11010000.00000000.********
69.208.0.0/25 69.208.0.0 69.208.0.127 128 01000101.11010000.00000000.0*******
69.208.0.0/26 69.208.0.0 69.208.0.63 64 01000101.11010000.00000000.00******
69.208.0.0/27 69.208.0.0 69.208.0.31 32 01000101.11010000.00000000.000*****
69.208.0.0/28 69.208.0.0 69.208.0.15 16 01000101.11010000.00000000.0000****
69.208.0.0/29 69.208.0.0 69.208.0.7 8 01000101.11010000.00000000.00000***
69.208.0.0/30 69.208.0.0 69.208.0.3 4 01000101.11010000.00000000.000000**
69.208.0.0/31 69.208.0.0 69.208.0.1 2 01000101.11010000.00000000.0000000*
69.208.0.0/32 69.208.0.0 69.208.0.0 1 01000101.11010000.00000000.00000000

默认限制[edit]

MediaWiki默认限制IPv4段封禁子网掩码不能超过/16(65536个IP地址)。 To block larger ranges $wgBlockCIDRLimitManual:$wgBlockCIDRLimit needs to be set accordingly in LocalSettings.phpManual:LocalSettings.php.

参考资料[edit]

外部链接[edit]