Re: defines ip to acl

2016-10-17 Thread Pol Hallen

And don't forget the copious comments in named.conf, so that your successor can 
easily see, at a glance, what start/end addresses those clusters of ACL 
elements represent.



sure! :-)

thanks

Pol
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


RE: defines ip to acl

2016-10-17 Thread Darcy Kevin (FCA)
And don't forget the copious comments in named.conf, so that your successor can 
easily see, at a glance, what start/end addresses those clusters of ACL 
elements represent.


- Kevin


-Original Message-
From: Darcy Kevin (FCA) 
Sent: Monday, October 17, 2016 3:11 PM
To: bind-users@lists.isc.org
Subject: RE: defines ip to acl

Well, things are messy, because you haven't carved up your subnet on 
bit-boundaries. BIND ACLs are either individual IPs, CIDR blocks, negations, or 
some combination of these. It can be done:

192.168.1.1 through 192.168.1.99 = !192.168.1.0; 192.168.1.0/26; 
192.168.1.64/27; 192.168.1.96/30;

192.168.1.100 through 192.168.1.199 = 192.168.1.100/30; 192.168.1.104/29; 
192.168.1.112/28; 192.168.1.128/26; 192.168.1.192/29;

I might have made an error in the above -- did I mention that this is very 
error-prone as well? :-)


- Kevin

-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Pol 
Hallen
Sent: Monday, October 17, 2016 2:37 PM
To: bind-users@lists.isc.org
Subject: defines ip to acl

Hello all :-)

I need to set up 2 kinds of ACL on the same network, i.e.:

IPs from 192.168.1.1 to 192.168.1.99 belong to acl1 and IPs from 192.168.1.100 
to 192.168.1.199 to acl2

acl net1 { 192.168.1.1-99/24 };
acl net1 { 192.168.1.99-199/24 };

What's the correct way? I didn't find anything :-/

thanks for help

Pol


Re: defines ip to acl

2016-10-17 Thread Pol Hallen

ACLs don’t support ranges, only prefixes.  You don’t want the whole /24.  I 
think you want:

// 192.168.1.0 through 192.168.1.99
acl net1 { 192.168.1.0/26; 192.168.1.64/27; 192.168.1.96/30; };
// 192.168.1.100 through 192.168.1.199
acl net2 { 192.168.1.100/30; 192.168.1.104/29; 192.168.1.112/28; 192.168.1.128/26; 
192.168.1.192/29; };


thanks guys :-)



RE: defines ip to acl

2016-10-17 Thread Darcy Kevin (FCA)
Well, things are messy, because you haven't carved up your subnet on 
bit-boundaries. BIND ACLs are either individual IPs, CIDR blocks, negations, or 
some combination of these. It can be done:

192.168.1.1 through 192.168.1.99 = !192.168.1.0; 192.168.1.0/26; 
192.168.1.64/27; 192.168.1.96/30;

192.168.1.100 through 192.168.1.199 = 192.168.1.100/30; 192.168.1.104/29; 
192.168.1.112/28; 192.168.1.128/26; 192.168.1.192/29;

I might have made an error in the above -- did I mention that this is very 
error-prone as well? :-)


- Kevin

-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Pol 
Hallen
Sent: Monday, October 17, 2016 2:37 PM
To: bind-users@lists.isc.org
Subject: defines ip to acl

Hello all :-)

I need to set up 2 kinds of ACL on the same network, i.e.:

IPs from 192.168.1.1 to 192.168.1.99 belong to acl1 and IPs from 192.168.1.100 
to 192.168.1.199 to acl2

acl net1 { 192.168.1.1-99/24 };
acl net1 { 192.168.1.99-199/24 };

What's the correct way? I didn't find anything :-/

thanks for help

Pol


Re: defines ip to acl

2016-10-17 Thread McDonald, Daniel (Dan)
ACLs don’t support ranges, only prefixes.  You don’t want the whole /24.  I 
think you want:

// 192.168.1.0 through 192.168.1.99
acl net1 { 192.168.1.0/26; 192.168.1.64/27; 192.168.1.96/30; };
// 192.168.1.100 through 192.168.1.199
acl net2 { 192.168.1.100/30; 192.168.1.104/29; 192.168.1.112/28; 192.168.1.128/26; 
192.168.1.192/29; };
 

On 2016-10-17, 13:41, "bind-users on behalf of Pol Hallen" 
 wrote:

Hello all :-)

I need to set up 2 kinds of ACL on the same network, i.e.:

IPs from 192.168.1.1 to 192.168.1.99 belong to acl1
and IPs from 192.168.1.100 to 192.168.1.199 to acl2

acl net1 { 192.168.1.1-99/24 };
acl net1 { 192.168.1.99-199/24 };

What's the correct way? I didn't find anything :-/

thanks for help

Pol


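Because hand-splitting a range into prefixes is error-prone, as the thread notes, the decomposition can be generated and checked mechanically. The following is an added example, not code from any poster on the list: it derives the CIDR blocks for a start/end range, renders a commented `acl` statement, and evaluates an element list with first-match semantics to confirm which addresses it accepts. All function names are hypothetical, and the malformed elements passed to `lint` are constructed sample input.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Minimal list of CIDR blocks covering first..last inclusive."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]

def acl_statement(name, first, last):
    """Render a named.conf acl with a comment recording the range it encodes."""
    body = "".join(f"    {net};\n" for net in range_to_cidrs(first, last))
    return f"// {name}: {first} through {last}\nacl {name} {{\n{body}}};\n"

def lint(elements):
    """Return the elements that are not a valid IP or bit-aligned CIDR block."""
    bad = []
    for elem in elements:
        try:
            ipaddress.ip_network(elem.lstrip("!"), strict=True)
        except ValueError:
            bad.append(elem)
    return bad

def acl_matches(elements, addr):
    """First-match evaluation: a negated element that matches rejects."""
    ip = ipaddress.ip_address(addr)
    for elem in elements:
        if ip in ipaddress.ip_network(elem.lstrip("!"), strict=True):
            return not elem.startswith("!")
    return False

def matched_addresses(elements, subnet):
    """Every address in subnet that the element list accepts."""
    return [str(ip) for ip in ipaddress.ip_network(subnet)
            if acl_matches(elements, ip)]

# Element lists as given in the thread for the two ranges.
RANGE_1_99 = ["!192.168.1.0", "192.168.1.0/26", "192.168.1.64/27",
              "192.168.1.96/30"]
RANGE_100_199 = ["192.168.1.100/30", "192.168.1.104/29", "192.168.1.112/28",
                 "192.168.1.128/26", "192.168.1.192/29"]

if __name__ == "__main__":
    print(acl_statement("net2", "192.168.1.100", "192.168.1.199"))
    hosts = matched_addresses(RANGE_1_99, "192.168.1.0/24")
    print(hosts[0], "...", hosts[-1], len(hosts))
    # Constructed malformed elements: a missing octet and a misaligned prefix.
    print(lint(["192.168.104/29", "192.168.1.100/29"]))
```

For 192.168.1.1 through 192.168.1.99 the generator emits eight prefixes starting at 192.168.1.1/32 rather than the shorter negation form, since it never produces `!` elements; both forms accept the same addresses.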