On 26 February 2010 c. 20:53:43 Kapetanakis Giannis wrote:
> On 26/02/10 19:23, Leonardo Carneiro - Veltrac wrote:
> > Is it possible to write a rule based on an arbitrary IP rule instead
> > of using a full subnet as source address like this?
> >
> > hosts_allowed="{ 192.168.0.21-40 }"
>
> pf.conf(4)
>
> Ranges of addresses are specified using the `-' operator. For
> instance: ``10.1.1.10 - 10.1.1.12'' means all addresses
> from 10.1.1.10 to 10.1.1.12, hence addresses 10.1.1.10, 10.1.1.11, and
> 10.1.1.12.
>
> hosts_allowed="{ 192.168.0.21 - 192.168.0.40 }"
Oops... :)
> Vadim was also right about the rule evaluation.
>
> Do first a pass from $host_allowed then a pass from $im_server
> then block rest.
Did you mean "block all, then allow from $host_allowed and $im_server"?
Opposite way will get you blocked again. ;)
> Alternatively you can put all addresses in a table (no ranges).
--
Best wishes,
Vadim Zhukov
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
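
Added example, not part of the original message: a pf.conf fragment showing the range macro from the thread, the same addresses written as CIDR blocks for the table alternative, and the rule order under pf's last-match evaluation. The `$im_server` address, the table name `<hosts_allowed_t>` and the bare `pass from` rules are assumptions, since the poster's actual ruleset is not shown.

```conf
# Constructed example; the address below is a placeholder, not from the thread.
im_server     = "192.0.2.10"
hosts_allowed = "{ 192.168.0.21 - 192.168.0.40 }"   # range syntax per pf.conf

# Table alternative: no ranges, so the same 20 addresses are listed as
# CIDR blocks (.21, .22-.23, .24-.31, .32-.39, .40).
table <hosts_allowed_t> { 192.168.0.21, 192.168.0.22/31, 192.168.0.24/29, 192.168.0.32/29, 192.168.0.40 }

# pf evaluates all rules and the LAST matching rule decides (unless a rule
# is marked "quick"), so the default block comes first and the passes follow.
block all
pass from $hosts_allowed
# pass from <hosts_allowed_t>    # use instead of the macro line above
pass from $im_server

# Reversed order, shown commented out: "block all" would be the last rule
# to match every packet, so the two passes before it would have no effect.
# pass from $hosts_allowed
# pass from $im_server
# block all
```

Running `pfctl -nf` on the file parses the ruleset without loading it, which catches syntax mistakes such as the `192.168.0.21-40` shorthand from the original question.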