----- Original Message -----
From: "Vincent Lim" <vincent.lim@xxxxxxxxxx>
To: <bguerra@xxxxxxxxxxxxxxxx>
Cc: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Friday, April 11, 2003 11:22 AM
Subject: Re: Source

> On Tue, 2003-04-08 at 01:03, Bobby Guerra wrote:
> > I am trying to set up some rules that apply to a range of source IP addresses
> > in a subnet. Example: 10.1.1.60-65. I know that you can specify an individual
> > IP address with -s, but this would make me do a lot of repeating because I
> > will have to apply the same rules to each IP address. Any help would be
> > appreciated. Thanks
>
> I don't know if using netmasks would help?
>

You can factorise it down to two lines:

-s 10.1.1.60/30   which gets .60, .61, .62 and .63
-s 10.1.1.64/31   which gets .64 and .65

Better if you can organise the IP addresses of the hosts that you want to
filter so that they fit inside a single mask. For example, number your six
hosts 64-69 inclusive, then do not have a host .70 or .71, and you can use a
single match:

-s 10.1.1.64/29   which gets .64 -> .71

That's what netmasks are for...

Mike
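
Added example, not part of the original thread: the split done by hand above, generalised to any inclusive IPv4 range, together with a check of which extra addresses a single wider mask would also match. The function names are hypothetical; only Python's standard ipaddress module is used.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Split the inclusive range first..last into the fewest CIDR blocks."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address is above last address")
    blocks = []
    while lo <= hi:
        # Largest block that can start at lo is its lowest set bit
        # (address 0 is aligned on every size, so cap at 2**32).
        size = lo & -lo if lo else 1 << 32
        # Halve the block until it no longer runs past the end of the range.
        while size > hi - lo + 1:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((lo, prefix)))
        lo += size
    return blocks

def source_matches(first, last):
    """One '-s net/prefix' match per block, as written in the reply above."""
    return ["-s " + str(net) for net in range_to_cidrs(first, last)]

def overmatch(network, first, last):
    """Addresses a single mask matches that lie outside first..last."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    return [str(a) for a in ipaddress.ip_network(network) if not lo <= a <= hi]

if __name__ == "__main__":
    # Addresses taken from the thread.
    for match in source_matches("10.1.1.60", "10.1.1.65"):
        print(match)
    # The single /29 also matches .70 and .71, which must stay unassigned.
    print(overmatch("10.1.1.64/29", "10.1.1.64", "10.1.1.69"))
```

An empty list from overmatch() means the single mask matches exactly the intended hosts; anything it returns is an address that will pick up the same rules if a host is ever given it.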