Help:Range blocks/zh

From MediaWiki.org
Jump to: navigation, search
This page is a translated version of the page Help:Range blocks and the translation is 29% complete.

Other languages:
English • ‎español • ‎français • ‎Bahasa Indonesia • ‎italiano • ‎日本語 • ‎한국어 • ‎português • ‎português do Brasil • ‎中文
PD 注意:当您编辑本页面时,即代表同意以CC0协议授权您的贡献。您可以在公有领域帮助文档找到更多信息。
PD
See /IPv6 for information on IPv6 range blocks.

Range blocks are technical restrictions applied through Special:Block to a group of IP addresses that prevent them from editing, creating new accounts, sending email through the wiki interface, etc. If you check the box "阻止登录用户使用该IP地址编辑", edits from registered accounts will also be disabled while they are connecting from the blocked range.

Range blocking is enabled and used on all Wikimedia wikis; if it is not enabled on your wiki, add "$wgSysopRangeBans = true;" in LocalSettings.php (permanently enabled in MediaWiki 1.18.0 and later).

To block an IP range from Special:Block, enter the first IP address in the range followed by a forward slash and a Classless inter-domain routing (CIDR) suffix. You should avoid performing range blocks unless you understand what you are doing, or you may end up blocking tens of thousands or even millions of people who are not the problem!

This article mainly discusses IPv4; IPv6 blocks work similarly, but have different implications - see /IPv6.

Non-technical explanation

IP addresses are broken up into blocks of numbers. An example of this would be 148.20.57.0 through to 148.20.57.255. Once it reaches 255 the next number is 148.20.58.0.

IP addresses can be broken up in to smaller or larger blocks. The smallest practical block is a block of 4. This could be one of the following:

148.20.57.0 - 148.20.57.3,
148.20.57.4 - 148.20.57.7,
148.20.57.8 - 148.20.57.11, ...

Of each block of 4 numbers, only two can be assigned to a computer. The first and last numbers of any block are reserved for network communication. These are level 30 blocks and can be expressed like this:

148.20.57.0/30,
148.20.57.4/30,
148.20.57.8/30, ...

The next largest block is 8. They can be as follows:

148.20.57.0 - 148.20.57.7,
148.20.57.8 - 148.20.57.15,
148.20.57.16 - 148.20.57.23, ...

In this block of 8 numbers only 6 can be assigned to a computer as, once again, the first and last numbers in a block are reserved for specific uses in network communication. These can also be expressed as follows:

148.20.57.0/29,
148.20.57.8/29,
148.20.57.16/29, ...

From this point on, the number of IP addresses in a block continues to double: 16, 32, 64, 128, 256, etc.

A block of 16 would start 148.20.57.0/28.
A block of 32 would start 148.20.57.0/27.
A block of 64 would start 148.20.57.0/26.
A block of 128 would start 148.20.57.0/25.
A block of 256 would start 148.20.57.0/24.

So if you have an IP address and you want to block the range assigned how do you know which one to use? Let's say you have a problem with 148.20.57.34. You can lookup who has this IP address at http://arin.net/whois/?queryinput=148.20.57.34. Say this tells us that this IP address is assigned, along with a LOT of others in a /17 range, to the Department of Defense. We certainly don't want to block a large block of the DoD! The rule of thumb is block as little as possible. Only block a range if there is a cluster of IP addresses giving a problem.

There's a calculator that is very useful for this:

http://www.csgnetwork.com/ipinfocalc.html

Go to this site and enter 148.20.57.34 into the first set of blanks. Now select Network Prefix Length and enter 27 (this will give a block of 32 addresses) and click Calculate Network Information. This will show us a block of 32 IP addresses that include 148.20.57.34. (The first - network - and the last - broadcast - addresses will be displayed along with the usable addresses in the range.) You can use this tool to test ranges to be sure they are what you want before entering the information to initiate the block.

技术解释

CIDR notation is written as the IP address, a slash, and the CIDR suffix (for example, the IPv4 "10.2.3.41/24" or IPv6 "a3:bc00::/24"). The CIDR suffix is the number of starting digits every IP address in the range have in common when written in binary.

For example: "10.10.1.32" is binary "00001010.00001010.00000001.00100000", so 10.10.1.32/27 will match the first 27 digits ("00001010.00001010.00000001.00100000"). The IP addresses 10.10.1.3210.10.1.63, when converted to binary, all have the same 27 first digits and will be blocked if 10.10.1.32/27 is blocked.

As the CIDR suffix increases, the block affects fewer IP addresses (see table of sample ranges). CIDR suffixes are not the same for IPv4 addresses as they are for IPv6 addresses; the same CIDR suffix in IPv4 blocks 2^{96}=79,228,162,514,264,337,593,543,950,336 times as many addresses in IPv6.

计算CIDR后缀

You can use the table of sample ranges below to guess the range, use a computer script, or manually calculate the range.

二进制转换y

The first step in manually calculating a range is to convert the first and last IP address to binary representation. (This assumes you're not using a computer script, which can probably calculate the range for you anyway.) 一个IP地址有4组8位二进制数组成。 每一组代表一个从0到255中的数字 To convert a number to binary, you can use a reference table or know the value of each binary digit:

Binary digit:   1   1   1   1   1   1   1   1
Value:        128  64  32  16   8   4   2   1

Proceeding from left to right, fill in 1 if the number is at least that value, and subtract that value (if it's not, fill in 0 and don't subtract). 例如,为了计算240:

  1. 240 is at least 128, so place 1 and subtract 128.
  2. 112 (240-128) is at least 64, so place 1 and subtract 64.
  3. 48 (112-64) is at least 32, so place 1 and subtract 32.
  4. 16 (48-32) is at least 16, so place 1 and subtract 16.
  5. 因为剩下的值是0,所以所有剩下的位子是0

因此, 240 表示为 1111 0000。因为其可以被表示为 128+64+32+16+0+0+0+0。

计算IP段

  1. Place both IP addresses one atop the other, and count how many starting digits are exactly alike. 这是CIDR后缀
  2. 再次检查 Being off by one digit could extend your block by thousands of addresses.

The example below calculates the CIDR range between 69.208.0.0 and 69.208.0.255. Note that this is a simple example; some groups of IP addresses do not so neatly fit CIDR suffixes, and need multiple different-sized blocks to block the exact range.

IP位址:
  69.208.0.0
  69.208.0.255
转换为二进制:
  0100 0101.1101 0000.0000 0000.0000 0000
  0100 0101.1101 0000.0000 0000.1111 1111
Count identical first numbers:
  0100 0101.1101 0000.0000 0000.0000 0000
  0100 0101.1101 0000.0000 0000.1111 1111
  |____________________________|
            24位
CIDR 段:
  69.208.0.0/24

Table of sample ranges

The table below shows the IPv4 blocks each CIDR suffix affects. Note that MediaWiki only supports blocking CIDR suffixes 16 - 32 in IPv4 and 19 (formerly 64) - 128 in IPv6 by default (subject to $wgBlockCIDRLimit). See /IPv6 for an IPv6 range table.

CIDR IP段起点 IP段终点 总IP地址数量 在IP地址中选定的二进制位
69.208.0.0/0 0.0.0.0 255.255.255.255 4,294,967,296 ********.********.********.********
69.208.0.0/1 0.0.0.0 127.255.255.255 2,147,483,648 0*******.********.********.********
69.208.0.0/4 64.0.0.0 79.255.255.255 268,435,456 0100****.********.********.********
69.208.0.0/8 69.0.0.0 69.255.255.255 16,777,216 01000101.********.********.********
69.208.0.0/11 69.192.0.0 69.223.255.255 2,097,152 01000101.110*****.********.********
69.208.0.0/12 69.208.0.0 69.223.255.255 1,048,576 01000101.1101****.********.********
69.208.0.0/13 69.208.0.0 69.215.255.255 524,288 01000101.11010***.********.********
69.208.0.0/14 69.208.0.0 69.211.255.255 262,144 01000101.110100**.********.********
69.208.0.0/15 69.208.0.0 69.209.255.255 131,072 01000101.1101000*.********.********
69.208.0.0/16 69.208.0.0 69.208.255.255 65,536 01000101.11010000.********.********
69.208.0.0/17 69.208.0.0 69.208.127.255 32,768 01000101.11010000.0*******.********
69.208.0.0/18 69.208.0.0 69.208.63.255 16,384 01000101.11010000.00******.********
69.208.0.0/19 69.208.0.0 69.208.31.255 8,192 01000101.11010000.000*****.********
69.208.0.0/20 69.208.0.0 69.208.15.255 4,096 01000101.11010000.0000****.********
69.208.0.0/21 69.208.0.0 69.208.7.255 2,048 01000101.11010000.00000***.********
69.208.0.0/22 69.208.0.0 69.208.3.255 1,024 01000101.11010000.000000**.********
69.208.0.0/23 69.208.0.0 69.208.1.255 512 01000101.11010000.0000000*.********
69.208.0.0/24 69.208.0.0 69.208.0.255 256 01000101.11010000.00000000.********
69.208.0.0/25 69.208.0.0 69.208.0.127 128 01000101.11010000.00000000.0*******
69.208.0.0/26 69.208.0.0 69.208.0.63 64 01000101.11010000.00000000.00******
69.208.0.0/27 69.208.0.0 69.208.0.31 32 01000101.11010000.00000000.000*****
69.208.0.0/28 69.208.0.0 69.208.0.15 16 01000101.11010000.00000000.0000****
69.208.0.0/29 69.208.0.0 69.208.0.7 8 01000101.11010000.00000000.00000***
69.208.0.0/30 69.208.0.0 69.208.0.3 4 01000101.11010000.00000000.000000**
69.208.0.0/31 69.208.0.0 69.208.0.1 2 01000101.11010000.00000000.0000000*
69.208.0.0/32 69.208.0.0 69.208.0.0 1 01000101.11010000.00000000.00000000

默认限制

MediaWiki默认限制IPv4段封禁子网掩码不能超过/16(65536个IP地址)。 To block larger ranges $wgBlockCIDRLimit needs to be set accordingly in LocalSettings.php.

参考资料

外部链接