Thanks, Kapetanakis and Vadim, for your help. I'll try this out.




Kapetanakis Giannis wrote:
On 26/02/10 19:23, Leonardo Carneiro - Veltrac wrote:
Is it possible to write a rule based on an arbitrary ip rule instead
of using a full subnet as source address, like this?

hosts_allowed="{ 192.168.0.21-40 }"


pf.conf(4)

    Ranges of addresses are specified using the `-' operator.  For
    instance: ``10.1.1.10 - 10.1.1.12'' means all addresses from
    10.1.1.10 to 10.1.1.12, hence addresses 10.1.1.10, 10.1.1.11, and
    10.1.1.12.

hosts_allowed="{ 192.168.0.21 - 192.168.0.40 }"

Vadim was also right about the rule evaluation.

Do first a pass from $host_allowed then a pass from $im_server
then block rest.

Alternatively you can put all addresses in a table (no ranges).

Giannis
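
The table alternative mentioned above, as an added example that is not part of the original thread: pf tables take single addresses and CIDR networks but not `-` ranges, so this sketch collapses a range into the smallest covering CIDR list. The function names and the reuse of `hosts_allowed` as a table name are assumptions made for illustration.

```python
import ipaddress
import re


def parse_range(spec):
    """Parse 'A - B' (pf.conf range syntax) or the 'a.b.c.X-Y' shorthand
    used in the question. Returns (first, last) as IPv4Address objects."""
    m = re.fullmatch(r"\s*(\S+?)\s*-\s*(\S+)\s*", spec)
    if not m:
        raise ValueError(f"not an address range: {spec!r}")
    start, end = m.group(1), m.group(2)
    first = ipaddress.IPv4Address(start)
    if end.isdigit():
        # Shorthand form: the right-hand side replaces only the last octet.
        end = start.rsplit(".", 1)[0] + "." + end
    last = ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError(f"range end precedes start: {spec!r}")
    return first, last


def range_to_cidrs(spec):
    """Return the minimal list of table entries covering the range exactly."""
    first, last = parse_range(spec)
    entries = []
    for net in ipaddress.summarize_address_range(first, last):
        # Write single hosts without the /32 suffix for readability.
        entries.append(str(net.network_address) if net.prefixlen == 32 else str(net))
    return entries


def pf_table(name, spec):
    """Render a pf.conf table definition line for the given range."""
    return f"table <{name}> const {{ {', '.join(range_to_cidrs(spec))} }}"


if __name__ == "__main__":
    # The range from the thread; 'hosts_allowed' as a table name is assumed.
    print(pf_table("hosts_allowed", "192.168.0.21 - 192.168.0.40"))
```

Comparing the generated entries against the intended range before loading them guards against a table that silently admits more hosts than the original 20 addresses.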
