Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 2994 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ip range in paket filter rule?

gerald
is it possible to define an ip-range in a paket filter rule?
for example: 

allow ftp for 10.0.0.1-10.0.0.10 to any

if it isn't possible is there a workaround or do i have to define 254 network-devices and add them to different network groups?!


This thread was automatically locked due to age.
Parents
  • 0
    You're going to have to 'rough it' a little;
    by using subnetworks, you can do ranges based on power of 2. Then you make a Network group comprised of that subnetwork plus a few individual nodes. That's an inconvenience right now for those needing that functionality...
  • 0 in reply to SecApp
    can i say:

    192.0.0.0/4 = 192.0.0.0 to 223.255.255.255
    128.0.0.0/2 = 128.0.0.0 to 191.255.255.255

    in yes, how can i write 1.0.0.0 to 126.255.255.255???

    TIA

    Gilera
Reply Children
  • 0 in reply to MarioGilera
    192/4=11000000-11001111=192-207
    (use binary calculator software)

    Your /2 calculation is correct.

    How? Difficultly.

    One way to cheat is to use a mask of 0/1 (that's networks 0-128), and then make a network definition 128...  (127 is loopback) and always add rules to exclude it.

    Failing that, you will have to make a network range from 0 to 64 (0/2) and then the smaller power of 2 ranges going from 65-126, and put them together as a network definition. That's a bit of work. If you want, I'll check your figures...

    Some people find it easier just to make the individual /8 definitions and group them. That might slow things down a tad in the iptables, but I think most people won't notice...