On 11/25/2017 09:48 PM, Olaf Meeuwissen wrote:
Hi,
ToddAndMargo writes:
Le samedi 25 novembre 2017, 01:38:56 ToddAndMargo a écrit :
Hi All,
In saned.conf,
what is the proper syntax to allow all IP from a particular network:
192.168.100.0/24
and what is the syntax allow a range of networks:
192.168.100.0/24 through 192.168.105.0/24
Many thanks,
-T
On 11/25/2017 02:05 AM, e.m...@orange.fr wrote:
> Hello Sir,
>
> I'm not a specialist of sane but my search engine with "man
saned.conf" gave
> me the following page
> https://linux.die.net/man/8/saned
> where I see an example
> # Access list
> scan-client.somedomain.firm
> # this is a comment
> 192.168.0.1
> 192.168.2.12/29
> [::1]
> [2001:7a8:185e::42:12]/64
>
> Is it clear enough?
>
> Have a nice Saturday
>
> Regards
Actually no.
I had found that portion, but got frustrated with them
calling "hostnames" as "IP addresses". Not the same
thing. Hostname is before the IP address is resolved.
You're right that host names and IP addresses are not the same thing,
but the saned manual page says:
The access list is a list of host names, IP addresses or IP subnets
(CIDR notation)
It doesn't say they are the same thing. It just says that you can use
whatever combination of these three is most convenient for you.
I have to go and find where I got the misunderstanding. One of
the pains-in-the -neck of RHEL is that EVERYTHING is deliberately
out-of-date. Man pages are often wrong.
And "192.168.2.12/29" which only gives you a single IP
address with its subnet mask.
Using that would allow access from all eight IPv4 addresses that have
the same 29 initial bits as 192.168.2.12. Please note that the CIDR
notation was introduced exactly to allow addressing on arbitrary bit
boundaries.
See https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
From the above link:
For example:
192.168.100.14/24 represents the IPv4 address 192.168.100.14
and its associated routing prefix 192.168.100.0, or
equivalently, its subnet mask 255.255.255.0, which has 24
leading 1-bits.
the IPv4 block 192.168.100.0/22 represents the 1024 IPv4
addresses from 192.168.100.0 to 192.168.103.255.
Which was my complaint with "192.168.2.12/29" which only refers
to one IP address, not all the IPs in its mask (not the block).
If you wanted everyone in 29's mask (the block), it would have
been written as 29's broadcast address, not a member of the mask:
192.168.100.12/29
meaning 192.168.100.12 to 15
The above line shows that
you do not need the subnet mask. xxx.xxx.xxx.0/24
tells you all the IP's from xxx.xxx.xxx.1 to 255
Can I get away with 192.168.222.0/23? That would
be 192.168.222 to 223. 1 to 255
Yes.
Hope this helps,
Yes it does! Thank you!
Are you able to look at my error log over on
"[sane-devel] where is my socket error?"
This dog (PDF Studio) don't hunt (read saned)!
--
sane-devel mailing list: sane-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/sane-devel
Unsubscribe: Send mail with subject "unsubscribe your_password"
to sane-devel-requ...@lists.alioth.debian.org
