John A. Sullivan III wrote:
>
> We found we needed to accommodate solutions both ways within ISCS, i.e.,
> if a gateway supports iprange, we write iptables rules with ranges. If
> not, we use the logic found in SubnetCreator
> (http://subnetcreator.sourceforge.net) to break the range into subnets
> and then create rules for the resultant subnets.

FWIW, Shorewall takes the same approach although Shorewall has its own
code for converting a range into a list of subnets.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@xxxxxxxxxxxxx
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
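
The fallback described in the message above, as an added example that is not part of the original thread and is not ISCS, SubnetCreator or Shorewall code: emit one iprange rule when the gateway supports the match, otherwise split the range into aligned subnets and emit one rule per subnet. The function names, the `has_iprange` flag, the chain and target defaults and the sample range are assumptions made for illustration.

```python
import ipaddress


def range_to_subnets(first, last):
    """Split the inclusive IPv4 range first-last into the fewest CIDR blocks."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # Largest block the alignment of lo allows (the whole space if lo is 0)...
        size = lo & -lo if lo else 1 << 32
        # ...halved until it no longer runs past the end of the range.
        while size > hi - lo + 1:
            size >>= 1
        # size is 2**k, so the prefix length is 32 - k.
        blocks.append(ipaddress.IPv4Network((lo, 33 - size.bit_length())))
        lo += size
    return blocks


def source_rules(first, last, has_iprange, chain="INPUT", target="ACCEPT"):
    """Return iptables commands matching the source range either way."""
    # Parse both ends first so only well-formed addresses reach the rule text.
    first = ipaddress.IPv4Address(first)
    last = ipaddress.IPv4Address(last)
    if has_iprange:
        return [f"iptables -A {chain} -m iprange "
                f"--src-range {first}-{last} -j {target}"]
    return [f"iptables -A {chain} -s {net} -j {target}"
            for net in range_to_subnets(first, last)]


if __name__ == "__main__":
    # Constructed sample range, not taken from the thread.
    for supported in (True, False):
        print(f"# gateway supports iprange: {supported}")
        for rule in source_rules("192.168.1.5", "192.168.1.20", supported):
            print(rule)
```

An unaligned range can need many subnet rules (five for the 16-address sample range), which is what the single iprange rule saves on gateways that support the match.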