Help:IP range

When specifying an IP range for the "Check user" or "Block user" functions, you must use CIDR (classless inter-domain routing) notation. This is a brief guide to CIDR notation of IP ranges.

An IP address is usually written as four numbers separated by dots, e.g. 123.123.123.1. Each of these numbers must be in the range 0-255 and represents a single byte (8 bits), so a full IP address is 32-bits long.

An IP address range is specified by adding a fifth number after a slash, e.g. 123.123.123.1/24. You might think that this specifies addresses in the range 123.123.123.1 to 123.123.123.24. You would be wrong!

The number after the slash represents the number of bits that must be matched for an address to be in the range and must be in the range 1-32 (although it isn't a range if you specify 32, just a single address). In the above example, /24 means that 24 bits must match. Each byte is 8 bits, so 123.123.123.1/24 actually matches addresses in the range 123.123.123.0 to 123.123.123.255.

Working out ranges is easy where we are specifying 8, 16, 24 or 32 bits to match. The inbetween values take a bit more working out. For example, 123.123.123.1/25 specifies the range 123.123.123.0 to 123.123.123.127 but 123.123.123.163/25 specifies the range 123.123.123.128 to 123.123.123.255. This is because we have said that the range must match the 25th bit of the address which is 0 in the first example and 1 in the second.

If you find all this confusing, don't worry. There are useful free tools available that will work out ranges for you, such as this calculator.

Note that the "Check user" function only accepts range suffixes between 16 and 24. "Block user" accepts range suffixes between 16 and 31.

Ranges should be used with care, particularly when blocking users. It is easy to accidentally block a much larger range than you intended, blocking many innocent users.