* Source
@ 2003-04-07 17:03 Bobby Guerra
2003-04-11 10:22 ` Source Vincent Lim
0 siblings, 1 reply; 3+ messages in thread
From: Bobby Guerra @ 2003-04-07 17:03 UTC (permalink / raw)
To: netfilter
I am trying to setup some rules that apply to a range of source ip address
in a subnet. Example 10.1.1.60-65 I know that you can specify individual
ip adress with -s but this would make me do allot of repeating because I
will have to apply the same rules to each ip address. Any help would be
appreciated. Thanks
Bobby Guerra
bguerra@dtr-software.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Source
2003-04-07 17:03 Source Bobby Guerra
@ 2003-04-11 10:22 ` Vincent Lim
2003-04-11 11:29 ` Source Michael J. Tubby B.Sc. (Hons) G8TIC
0 siblings, 1 reply; 3+ messages in thread
From: Vincent Lim @ 2003-04-11 10:22 UTC (permalink / raw)
To: bguerra; +Cc: netfilter
On Tue, 2003-04-08 at 01:03, Bobby Guerra wrote:
> I am trying to setup some rules that apply to a range of source ip address
> in a subnet. Example 10.1.1.60-65 I know that you can specify individual
> ip adress with -s but this would make me do allot of repeating because I
> will have to apply the same rules to each ip address. Any help would be
> appreciated. Thanks
I don't know if using netmasks would help?
--
Vincent Lim <vincent.lim@nestac.com>
NESTAC Solution Sdn Bhd
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Source
2003-04-11 10:22 ` Source Vincent Lim
@ 2003-04-11 11:29 ` Michael J. Tubby B.Sc. (Hons) G8TIC
0 siblings, 0 replies; 3+ messages in thread
From: Michael J. Tubby B.Sc. (Hons) G8TIC @ 2003-04-11 11:29 UTC (permalink / raw)
To: Vincent Lim, bguerra; +Cc: netfilter
----- Original Message -----
From: "Vincent Lim" <vincent.lim@nestac.com>
To: <bguerra@dtr-software.com>
Cc: <netfilter@lists.netfilter.org>
Sent: Friday, April 11, 2003 11:22 AM
Subject: Re: Source
> On Tue, 2003-04-08 at 01:03, Bobby Guerra wrote:
> > I am trying to setup some rules that apply to a range of source ip
address
> > in a subnet. Example 10.1.1.60-65 I know that you can specify
individual
> > ip adress with -s but this would make me do allot of repeating because I
> > will have to apply the same rules to each ip address. Any help would be
> > appreciated. Thanks
>
> I don't know if using netmasks would help?
>
You can factorise it down to two lines:
-s 10.1.1.60/30 which gets .60, .61, .62 and .63
-s 10.1.1.64/31 which gets .64 and .65
better if you can organise the ip addresses of the hosts that you want to
filter
so that they fit inside a single mask, for example number your six hosts
64-69
inclusive, then do not have a host .70 or .71 and you can use a single
match:
-s 10.1.1.64/29 which gets .64 -> .71
that's what netmasks are for...
Mike
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-04-11 11:29 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-04-07 17:03 Source Bobby Guerra
2003-04-11 10:22 ` Source Vincent Lim
2003-04-11 11:29 ` Source Michael J. Tubby B.Sc. (Hons) G8TIC
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox