On 26 February 2010 c. 20:53:43 Kapetanakis Giannis wrote:
> On 26/02/10 19:23, Leonardo Carneiro - Veltrac wrote:
> > Is it possible to write a rule based on an arbitrary ip rule instead
> > of using a full subnet as source address like this?
> >
> > hosts_allowed="{ 192.168.0.21-40 }"
>
> pf.conf(4)
>
> Ranges of addresses are specified using the `-' operator. For
> instance: ``10.1.1.10 - 10.1.1.12'' means all addresses
> from 10.1.1.10 to 10.1.1.12, hence addresses 10.1.1.10, 10.1.1.11, and
> 10.1.1.12.
>
> hosts_allowed="{ 192.168.0.21 - 192.168.0.40 }"

Oops... :)

> Vadim was also right about the rule evaluation.
>
> Do first a pass from $host_allowed then a pass from $im_server
> then block rest.

Did you mean "block all, then allow from $host_allowed and $im_server"?
Opposite way will get you blocked again. ;)

> Alternatively you can put all addresses in a table (no ranges).

-- 
Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
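
The table alternative mentioned in the thread, as an added example that is not part of the original messages: since tables take no ranges, this Python helper collapses 192.168.0.21 - 192.168.0.40 into CIDR entries and emits them in the block-first, pass-after order from the reply. The table name `hosts_allowed` and the function names are assumptions made for illustration.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Collapse an inclusive IPv4 range into the fewest CIDR blocks."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    entries = []
    for net in ipaddress.summarize_address_range(lo, hi):
        # Write single hosts without the /32 suffix, as pf.conf usually shows them.
        if net.prefixlen == 32:
            entries.append(str(net.network_address))
        else:
            entries.append(str(net))
    return entries


def pf_snippet(table, first, last):
    """Build a pf.conf fragment: table definition, default block, then pass."""
    entries = ", ".join(range_to_cidrs(first, last))
    return "\n".join([
        # Table name is hypothetical; tables hold addresses and CIDR blocks only.
        f"table <{table}> const {{ {entries} }}",
        # pf uses the last matching rule, so the block comes first
        # and the pass that should win comes after it.
        "block all",
        f"pass from <{table}> to any",
    ])


if __name__ == "__main__":
    # Range taken from the thread.
    print(pf_snippet("hosts_allowed", "192.168.0.21", "192.168.0.40"))
```

The generated fragment can be checked without loading it by running `pfctl -nf` on a file that contains it.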