First, open your iptables rules file in nano:

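Next, based on your circumstances, add the following to your iptables rules file above the iptables -A INPUT -j DROP line. iptables evaluates rules in order and stops at the first match, so a block rule only affects traffic that no earlier ACCEPT rule has already matched: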

  1. Block a specific IP Address:
    -A INPUT -s 192.168.5.130/32 -j DROP
  2. Block all addresses within the final octet (i.e., block all IP addresses from 192.168.5.0 to 192.168.5.255):
    -A INPUT -s 192.168.5.0/24 -j DROP
  3. Block all addresses within the last two octets (block addresses from 192.168.0.0 to 192.168.255.255):
    -A INPUT -s 192.168.0.0/16 -j DROP
  4. Block all addresses within the last three octets (block addresses from 192.0.0.0 to 192.255.255.255):
    -A INPUT -s 192.0.0.0/8 -j DROP

Notes and Observations

/8, /16, and /24 are written in Classless Inter-Domain Routing (CIDR) notation, which represents an IPv4 address together with its prefix length. In the above example, 192.168.5.0/24, 192.168.5.0 is the prefix and /24 is the prefix length: the first 24 bits of a source address must match the prefix, and the final octet can take any value.
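
A pre-check for the source ranges above, as an added example that is not part of the original post: it expands each CIDR into its first address, last address and size, and refuses a source whose address has bits set beyond the prefix, so an over-broad or mistyped mask is visible before the rule is loaded. The function names (`ip_to_int`, `int_to_ip`, `cidr_range`, `drop_rule`) are hypothetical, and 64-bit shell arithmetic is assumed.

```bash
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
FULL=4294967295   # 2^32 - 1, all 32 address bits set

# Dotted quad -> 32-bit integer; fails unless the input is four octets 0-255.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*|0?*) return 1 ;; esac   # empty, too long, leading zero
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prints "first last count" for ADDR/LEN.
# Returns 1 if malformed, 2 if ADDR has bits set outside the prefix.
cidr_range() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1##*/}
    case $len in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    n=$(ip_to_int "$addr") || return 1
    mask=$(( (FULL << (32 - len)) & FULL ))
    [ $(( n & mask )) -eq "$n" ] || return 2
    echo "$(int_to_ip "$n") $(int_to_ip $(( n | (~mask & FULL) ))) $(( 1 << (32 - len) ))"
}

# Emits a rule line in the post's format, preceded by a comment stating its scope.
drop_rule() {
    r=$(cidr_range "$1") || return
    set -- "$1" $r
    echo "# $1 covers $2 - $3 ($4 addresses)"
    echo "-A INPUT -s $1 -j DROP"
}

# The four sources used in the post.
for c in 192.168.5.130/32 192.168.5.0/24 192.168.0.0/16 192.0.0.0/8; do
    drop_rule "$c"
done
```

A source such as 192.168.5.130/24 makes `cidr_range` return 2 instead of producing a rule, because the address has bits set beyond the 24-bit prefix.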


    • Rejkelie

      You have switched the network masks “/8” and “/24” in your article. Use “192.168.0.0/24” to designate the IP address 192.168.0.0 to 192.168.0.255 and “/8” for the class A full domain. The netmask masks the bits that are not used.

      • Code Sport I/O

        @rejkelie:disqus thanks for catching this. Post has been updated and corrected.