Re: Using consecutive IPs in a client access file

Tue, 15 Nov 2016 15:21:20 -0800 

On 15 Nov 2016, at 13:07, Gomes, Rich wrote:


Just a quick question since I have not found a way in my Googling.

We are  replacing some of our internal Exchange relays with postfix.
Currently we have other internal postfix relays which utilize a client access file to allow relaying. 
The file contains all single IPs, no ranges.
The exchange servers have some groups of consecutive IPs on their allow list, some cover 5 or 6 IPs, others 100. 
Is there a way to provide the same list .i.e.
192.168.0.2-12  OK

without:

Listing them all individually
i.e.
192.168.0.2     OK
192.168.0.3     OK
Etc...
Or
Allowing an entire subnet
192.168.0.0/24  OK
If not possible, that's fine, I will just list them by hand, just hoping there was a native way to do it. 

No, there's not.
However, I happened to have an old Perl script laying around for other purposes that took about 2 minutes to turn into something that takes a loosely-formatted text file with one IP spec (single, range, or CIDR) per line and spits out a Postfix CIDR table with the aggregate of all specs in a minimal set of CIDR blocks, each with OK as the action. On many systems you'd need to install the Net::CIDR::Lite Perl module for this to work. If your input is a clean list of single IPs and ranges, one per line, you can remove lines 17-25 (which are an artifact of my original script's loose input.) 

#!/usr/bin/env perl
# Input file is text with lines of the general form:
#
#  [IP|IP range|CIDR][whitespace+comment]
#
# Ranges are de-spaced, then anything from the first whitespace to EOL is discarded 
#
# Output is a Postfix CIDR table with lines of form:
#
#  <CIDR><TAB>OK

use Net::CIDR::Lite;

$list=Net::CIDR::Lite->new ;
while (<>)
{
   # de-space ranges
   s/ ?- ?/-/;

   # toss out comments after the IP spec & whitespace
   s/\s+.*//;

   # oops, this was an indented line with no IP spec, move along
   next if ( !  m/./ );

   # canonicalize shorthanded ranges
   if ( m/^\d+\.\d+.\d+\.\d+-\d+$/) {
      s/^(\d+)\.(\d+).(\d+)\.(\d+)-(\d+)$/\1.\2.\3.\4-\1.\2.\3.\5/;
   }
   $list->add_any($_);
}

$list->clean();
@cidrs=$list->list;

foreach $cidr (@cidrs) { print "$cidr\tOK\n"; }

Reply via email to