* Source
@ 2003-04-07 17:03 Bobby Guerra
2003-04-11 10:22 ` Source Vincent Lim
0 siblings, 1 reply; 3+ messages in thread
From: Bobby Guerra @ 2003-04-07 17:03 UTC (permalink / raw)
To: netfilter
I am trying to setup some rules that apply to a range of source ip address
in a subnet. Example 10.1.1.60-65 I know that you can specify individual
ip adress with -s but this would make me do allot of repeating because I
will have to apply the same rules to each ip address. Any help would be
appreciated. Thanks
Bobby Guerra
bguerra@dtr-software.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Source
2003-04-07 17:03 Source Bobby Guerra
@ 2003-04-11 10:22 ` Vincent Lim
2003-04-11 11:29 ` Source Michael J. Tubby B.Sc. (Hons) G8TIC
0 siblings, 1 reply; 3+ messages in thread
From: Vincent Lim @ 2003-04-11 10:22 UTC (permalink / raw)
To: bguerra; +Cc: netfilter
On Tue, 2003-04-08 at 01:03, Bobby Guerra wrote:
> I am trying to setup some rules that apply to a range of source ip address
> in a subnet. Example 10.1.1.60-65 I know that you can specify individual
> ip adress with -s but this would make me do allot of repeating because I
> will have to apply the same rules to each ip address. Any help would be
> appreciated. Thanks
I don't know if using netmasks would help?
--
Vincent Lim <vincent.lim@nestac.com>
NESTAC Solution Sdn Bhd
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Source
2003-04-11 10:22 ` Source Vincent Lim
@ 2003-04-11 11:29 ` Michael J. Tubby B.Sc. (Hons) G8TIC
0 siblings, 0 replies; 3+ messages in thread
From: Michael J. Tubby B.Sc. (Hons) G8TIC @ 2003-04-11 11:29 UTC (permalink / raw)
To: Vincent Lim, bguerra; +Cc: netfilter
----- Original Message -----
From: "Vincent Lim" <vincent.lim@nestac.com>
To: <bguerra@dtr-software.com>
Cc: <netfilter@lists.netfilter.org>
Sent: Friday, April 11, 2003 11:22 AM
Subject: Re: Source
> On Tue, 2003-04-08 at 01:03, Bobby Guerra wrote:
> > I am trying to setup some rules that apply to a range of source ip
address
> > in a subnet. Example 10.1.1.60-65 I know that you can specify
individual
> > ip adress with -s but this would make me do allot of repeating because I
> > will have to apply the same rules to each ip address. Any help would be
> > appreciated. Thanks
>
> I don't know if using netmasks would help?
>
You can factorise it down to two lines:
-s 10.1.1.60/30 which gets .60, .61, .62 and .63
-s 10.1.1.64/31 which gets .64 and .65
better if you can organise the ip addresses of the hosts that you want to
filter
so that they fit inside a single mask, for example number your six hosts
64-69
inclusive, then do not have a host .70 or .71 and you can use a single
match:
-s 10.1.1.64/29 which gets .64 -> .71
that's what netmasks are for...
Mike
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-04-11 11:29 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-04-07 17:03 Source Bobby Guerra
2003-04-11 10:22 ` Source Vincent Lim
2003-04-11 11:29 ` Source Michael J. Tubby B.Sc. (Hons) G8TIC
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.