Re: arbitrary ip range in pf

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Leonardo Carneiro - Veltrac

Date: Friday, February 26, 2010 - 11:09 am

Tks Kapetanakis and Vadis for your help. I'll try this out.




Kapetanakis Giannis wrote:
quoted text> On 26/02/10 19:23, Leonardo Carneiro - Veltrac wrote:
>> Is it possible to write a rule based on a arbitrary ip rule instead
>> using a full subnet as source address like this?
>>
>> hosts_allowed="{ 192.168.0.21-40 }"
>>    
>
>
> pf.conf(4)
>
> Ranges of addresses are specified using the `-' operator.  For
>              instance: ``10.1.1.10 - 10.1.1.12'' means all addresses from
>              10.1.1.10 to 10.1.1.12, hence addresses 10.1.1.10, 
> 10.1.1.11, and
>              10.1.1.12.
>
> hosts_allowed="{ 192.168.0.21 - 192.168.0.40 }"
>
> Vadim was also right about the rule evaluation.
>
> Do first a pass from $host_allowed then a pass from $im_server
> then block rest.
>
> Alternatively you can put all addresses in a table (no ranges).
>
> Giannis

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

arbitrary ip range in pf, Leonardo Carneiro - ..., (Fri Feb 26, 10:23 am)

Re: arbitrary ip range in pf, Vadim Zhukov, (Fri Feb 26, 10:38 am)

Re: arbitrary ip range in pf, Kapetanakis Giannis, (Fri Feb 26, 10:53 am)

Re: arbitrary ip range in pf, Kapetanakis Giannis, (Fri Feb 26, 10:58 am)

Re: arbitrary ip range in pf, Leonardo Carneiro - ..., (Fri Feb 26, 11:09 am)

Re: arbitrary ip range in pf, Vadim Zhukov, (Sat Feb 27, 3:24 am)

Re: arbitrary ip range in pf, Kapetanakis Giannis, (Sat Feb 27, 4:09 am)


linux-kernel:
Alexey Dobriyan	Re: [2.6.22.2 review 09/84] Fix rfkill IRQ flags.
Michael Moore	Re: underage models, pre teen models, lolita porn, young preteens, little lolitas
Alex Riesen	Re: [PATCH 4/7] lib: Introduce strnstr()
Thomas Gleixner	[ANNOUNCE] 2.6.31-rc6-rt2
Mathieu Desnoyers	Re: Linux 2.6.25-rc2
git:
Blaisorblade	git-unpack-objects < pack file in repository doesn't work!
Matthieu Moy	Re: Cloning empty repositories, was Re: What is the idea for bare repositories?
Linus Torvalds	Re: Untracked working tree files
Peter Karlsson	Re: CRLF problems with Git on Win32
Johannes Schindelin	Re: [PATCH 4/4] git-rebase -i: New option to support rebase with merges
linux-netdev:
Alan Menegotto	Re: Linux networking implementation and packet capture
Andrew Morton	Re: [PATCH] PHYLIB: IRQ event workqueue handling fixes
Timo Teräs	ip xfrm policy semantics
Jarek Poplawski	Re: [PATCH]: Fix queueing return values...
David Miller	Re: [PATCH 1/2] netdev: bfin_mac: enable bfin_mac net dev driver for BF51x
git-commits-head:
Linux Kernel Mailing List	Blackfin: don't give CPU its own line in traps output
Linux Kernel Mailing List	No need to do lock_super() for exclusion in generic_shutdown_super()
Linux Kernel Mailing List	x86, msr: Export the register-setting MSR functions via /dev/*/msr
Linux Kernel Mailing List	MIPS: SMTC: Fix lockup in smtc_distribute_timer
Linux Kernel Mailing List	powerpc: gamecube/wii: usbgecko bootwrapper console support
openbsd-misc:
Aaron Mason	Re: Defending OpenBSD Performance
Henning Brauer	Re: Defending OpenBSD Performance
Henning Brauer	Re: Defending OpenBSD Performance
Christiano Farina Haesbaert	Re: Defending OpenBSD Performance
Nick Holland	Re: 1 out of 3 hunks failed--saving rejects to kerberosV/src/lib/krb5/crypto.c.rej