I see from...
http://blogs.sun.com/avalon/entry/ipfilter_4_1_14
...that with IPFilter v4.1.14 (and, presumably, newer), we get to use "short
pool names." Per the cited example:
ippool.conf:

    table role = ipf type = tree name = letters
    { 1.1.1.1/32; !2.2.0.0/16; 2.2.2.0/24; };

ipf.conf:

    pass in from pool/letters to any
The ippool-related man pages in NetBSD 5.0.2, which includes IPFilter v4.1.29,
seem to lean toward only supporting the "number = <digit[s]>" form for
declaring a pool. Is it just that the man pages haven't been updated, and
that the "name = <alpha>" format is, in fact, supported? If so, are we
limited to only alphabetic characters, or is there a wider scope on the types
of characters allowed? Is a pool name case-sensitive? In general, is there
a "character class" (or multiple classes) that can be cited to cover the
allowed characters? What about name lengths? ("short" seems just a bit
vague. ;-)
This feature looks quite promising. For example, we have a number of
systems to which we need to support FTP access sparsely located in our address
space. Am I correct that we could define a pool of these addresses and use
only a single rule to pass FTP to them?
BTW, I don't see any "rc glue" (an ippool file in /etc/rc.d, for
example) in NetBSD 5.0.2. What's the best mechanism to get an ippool
configuration file loaded at startup? Or is IPF hardcoded to detect the
presence of /etc/ippool.conf and "do the right thing" all on its own?
Thanks,
Mike
--
Michael T. Davis (Mike) | Manager for Networking, Admin.
E-mail: [email protected] | & Research Computing: CBE/MSE
-or- [email protected], [email protected] | The Ohio State University
http://www.ecr6.ohio-state.edu/~davism/ | 197 Watts, (614) 292-6928
** E-mail is the best way to contact me **
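Here is an added, constructed example (not from the blog post or the NetBSD tree) of what the FTP-server case in the question would look like with the named-pool syntax quoted above. It assumes the "name =" form is accepted by the ippool in use, that a "pool/" reference is allowed in the "to" position of an ipf rule, and that a tree pool matches on the most specific entry, as the nested entries in the cited example suggest; the addresses are documentation ranges and the pool name is made up.

```conf
# /etc/ippool.conf (constructed example)
# One tree pool naming the hosts that are allowed to receive FTP.
# The "!" entry excludes one host that sits inside an otherwise
# permitted /28, mirroring the !2.2.0.0/16 entry in the cited example
# (assumes most-specific-entry-wins matching for type = tree).
table role = ipf type = tree name = ftpservers
{ 192.0.2.10/32; 192.0.2.75/32; 198.51.100.0/28; !198.51.100.5/32; };

# /etc/ipf.conf (constructed example)
# A single rule covers every address in the pool; hosts outside it,
# including the excluded 198.51.100.5, fall through to the block rule.
pass in quick proto tcp from any to pool/ftpservers port = 21 flags S keep state
block in quick proto tcp from any to any port = 21
```

When loading by hand, load the pool before the rules that reference it (ippool -f /etc/ippool.conf, then ipf -f /etc/ipf.conf), since the rule needs the pool to exist; ippool -l shows what is currently loaded.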