Source

Linux Netfilter discussions
 help / color / mirror / Atom feed

* Source
@ 2003-04-07 17:03 Bobby Guerra
  2003-04-11 10:22 ` Source Vincent Lim
  0 siblings, 1 reply; 3+ messages in thread
From: Bobby Guerra @ 2003-04-07 17:03 UTC (permalink / raw)
  To: netfilter

I am trying to setup some rules that apply to a range of source ip address
in a subnet.  Example 10.1.1.60-65  I know that you can specify individual
ip adress with -s but this would make me do allot of repeating because I
will have to apply the same rules to each ip address. Any help would be
appreciated.  Thanks

Bobby Guerra
bguerra@dtr-software.com

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Source
  2003-04-07 17:03 Source Bobby Guerra
@ 2003-04-11 10:22 ` Vincent Lim
  2003-04-11 11:29   ` Source Michael J. Tubby B.Sc. (Hons) G8TIC
  0 siblings, 1 reply; 3+ messages in thread
From: Vincent Lim @ 2003-04-11 10:22 UTC (permalink / raw)
  To: bguerra; +Cc: netfilter

On Tue, 2003-04-08 at 01:03, Bobby Guerra wrote:
> I am trying to setup some rules that apply to a range of source ip address
> in a subnet.  Example 10.1.1.60-65  I know that you can specify individual
> ip adress with -s but this would make me do allot of repeating because I
> will have to apply the same rules to each ip address. Any help would be
> appreciated.  Thanks

I don't know if using netmasks would help?

-- 
Vincent Lim <vincent.lim@nestac.com>
NESTAC Solution Sdn Bhd



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Source
  2003-04-11 10:22 ` Source Vincent Lim
@ 2003-04-11 11:29   ` Michael J. Tubby B.Sc. (Hons) G8TIC
  0 siblings, 0 replies; 3+ messages in thread
From: Michael J. Tubby B.Sc. (Hons) G8TIC @ 2003-04-11 11:29 UTC (permalink / raw)
  To: Vincent Lim, bguerra; +Cc: netfilter


----- Original Message -----
From: "Vincent Lim" <vincent.lim@nestac.com>
To: <bguerra@dtr-software.com>
Cc: <netfilter@lists.netfilter.org>
Sent: Friday, April 11, 2003 11:22 AM
Subject: Re: Source


> On Tue, 2003-04-08 at 01:03, Bobby Guerra wrote:
> > I am trying to setup some rules that apply to a range of source ip
address
> > in a subnet.  Example 10.1.1.60-65  I know that you can specify
individual
> > ip adress with -s but this would make me do allot of repeating because I
> > will have to apply the same rules to each ip address. Any help would be
> > appreciated.  Thanks
>
> I don't know if using netmasks would help?
>

You can factorise it down to two lines:

        -s 10.1.1.60/30        which gets .60, .61, .62 and .63
        -s 10.1.1.64/31        which gets .64 and .65

better if you can organise the ip addresses of the hosts that you want to
filter
so that they fit inside a single mask, for example number your six hosts
64-69
inclusive, then do not have a host .70 or .71 and you can use a single
match:

        -s 10.1.1.64/29        which gets .64 -> .71

that's what netmasks are for...


Mike



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2003-04-11 11:29 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-04-07 17:03 Source Bobby Guerra
2003-04-11 10:22 ` Source Vincent Lim
2003-04-11 11:29   ` Source Michael J. Tubby B.Sc. (Hons) G8TIC

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox