Tks Kapetanakis and Vadis for your help. I'll try this out.
Kapetanakis Giannis wrote:
On 26/02/10 19:23, Leonardo Carneiro - Veltrac wrote:
Is it possible to write a rule based on a arbitrary ip rule instead
using a full subnet as source address like this?
hosts_allowed="{ 192.168.0.21-40 }"
pf.conf(4)
Ranges of addresses are specified using the `-' operator. For
instance: ``10.1.1.10 - 10.1.1.12'' means all addresses from
10.1.1.10 to 10.1.1.12, hence addresses 10.1.1.10,
10.1.1.11, and
10.1.1.12.
hosts_allowed="{ 192.168.0.21 - 192.168.0.40 }"
Vadim was also right about the rule evaluation.
Do first a pass from $host_allowed then a pass from $im_server
then block rest.
Alternatively you can put all addresses in a table (no ranges).
Giannis