On Mon, 2004-06-07 at 06:53, Knight, Steve wrote:
> Hi there
>
> Can one use syntax other than CIDR notation when defining things like
> networks?
>
> i.e. it's common to see
>
> LAN_RANGE="192.168.0.0/24"
>
> in rule bases, but I would like to use
>
> DODGY_RANGE="192.168.0.1-5"
> GOOD_RANGE="192.168.0.6-30"
> BAD_BAD_RANGE="192.168.31-40"
>
> a la `nmap` syntax.
>
> Is this something netfilter can handle?
> <snip>

Yes, besides using CIDR and Dotted Decimal notation, one can apply the IPRange patch-o-matic patch and use a rule such as

iptables -A FORWARD -m iprange --src-range 192.168.1.10-192.168.1.20 -j ACCEPT

We use it all the time in the ISCS project. If you do not want to patch, you can use SubnetCreator (http:subnetcreator.sourceforge.net) to turn a range into a list of subnets and then make rules for each of the subnets. If you are using Qt, it also provides a series of routines to do this programmatically.

-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class VPN/Firewall/Security device management console, please visit http://iscs.sourceforge.net
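The reply's second option (turn the range into a list of subnets, then write one rule per subnet) is easy to script without SubnetCreator. The following is an added example, not code from the post or from the ISCS or SubnetCreator projects: it decomposes an inclusive IPv4 range into the minimal set of CIDR blocks and emits the matching iptables rules, for the case where the iprange match is not available. Function names (ip2int, int2ip, range_to_cidrs, rules_for_range) are this example's own; it needs a shell with 64-bit arithmetic (bash, dash, ksh).

```shell
#!/bin/sh
# Added example (not from the original post or the ISCS project): split an
# IPv4 range into the smallest set of CIDR blocks, the same job the post
# delegates to SubnetCreator, and emit one iptables rule per block for use
# when the iprange match is not available. Function and variable names are
# this example's own.

# Dotted-quad -> 32-bit integer (needs 64-bit shell arithmetic: bash, dash, ksh).
ip2int() {
    local IFS=.
    set -- $1
    [ $# -eq 4 ] || { echo "bad address: $*" >&2; return 1; }
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted-quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the minimal CIDR list covering START..END inclusive, one per line.
# Greedy: at each step take the largest block that starts at the current
# address (alignment check) and does not run past END (fit check).
range_to_cidrs() {
    local s e bits mask
    s=$(ip2int "$1") || return 1
    e=$(ip2int "$2") || return 1
    [ "$s" -le "$e" ] || { echo "start $1 is after end $2" >&2; return 1; }
    while [ "$s" -le "$e" ]; do
        bits=0                      # host bits in the candidate block
        while [ "$bits" -lt 32 ]; do
            mask=$(( (1 << (bits + 1)) - 1 ))
            # stop growing if doubling the block would misalign it or overrun END
            if [ $(( s & mask )) -ne 0 ] || [ $(( s + mask )) -gt "$e" ]; then
                break
            fi
            bits=$(( bits + 1 ))
        done
        echo "$(int2ip "$s")/$(( 32 - bits ))"
        s=$(( s + (1 << bits) ))
    done
}

# Emit (not execute) one source-match rule per CIDR:
#   rules_for_range CHAIN START END TARGET
rules_for_range() {
    local chain=$1 start=$2 end=$3 target=$4 cidr
    range_to_cidrs "$start" "$end" | while read -r cidr; do
        echo "iptables -A $chain -s $cidr -j $target"
    done
}

# The range from the post: 192.168.1.10-192.168.1.20 needs four rules
# (/31, /30, /30, /32) where the iprange match needs one.
rules_for_range FORWARD 192.168.1.10 192.168.1.20 ACCEPT
```

The output is printed rather than applied so it can be reviewed before loading; pipe it to sh once it looks right. The trade-off against the patched `-m iprange --src-range` form is rule count: an arbitrary range can expand to up to roughly 60 CIDR blocks, each a separate rule, so for long or badly aligned ranges the single iprange rule is both shorter and cheaper to evaluate.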