Also, the ipset create command supports the netmask parameter.

    hash:ip
    CREATE-OPTIONS := .... netmask cidr ....

    netmask cidr
        When the optional netmask parameter specified, network addresses
        will be stored in the set instead of IP host addresses. The cidr
        prefix value must be between 1-32 for IPv4 and between 1-128 for
        IPv6. An IP address will be in the set if the network address,
        which is resulted by masking the address with the netmask, can be
        found in the set.

        Examples:

            ipset create foo hash:ip netmask 30

Given a netmask of 64 generates:

    Name: shorewall6-ip
    Type: hash:ip
    Revision: 4
    Header: family inet6 hashsize 1024 maxelem 65536 netmask 64 timeout 86400
    Size in memory: 16504
    References: 1
    Members:

Then in shorewall rules just use an ADD to block the network:

    ADD(+shorewall6-ip:src) inet6 fw tcp,udp snmp,514

Bill

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
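The masking behaviour quoted from the ipset documentation above, as an added example that is not part of the original post and is not ipset's own code: a small Python model of a hash:ip set with a netmask, showing that one offending source address causes its whole /64 (or /30) to match. The class name MaskedIpSet and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress


class MaskedIpSet:
    """Model of a hash:ip set created with the netmask option (hypothetical helper)."""

    def __init__(self, family, netmask):
        max_len = {"inet": 32, "inet6": 128}[family]
        # The quoted documentation limits cidr to 1-32 (IPv4) and 1-128 (IPv6).
        if not 1 <= netmask <= max_len:
            raise ValueError(f"netmask must be between 1 and {max_len} for {family}")
        self.version = 4 if family == "inet" else 6
        self.netmask = netmask
        self.members = set()

    def _network_address(self, addr):
        ip = ipaddress.ip_address(addr)
        if ip.version != self.version:
            raise ValueError("address family does not match the set")
        # Mask the host address down to its network address.
        return ipaddress.ip_network(f"{ip}/{self.netmask}", strict=False).network_address

    def add(self, addr):
        """Store the network address, not the host address; return what was stored."""
        stored = self._network_address(addr)
        self.members.add(stored)
        return stored

    def test(self, addr):
        """An address is in the set if its masked network address is a member."""
        return self._network_address(addr) in self.members


def demo():
    # Constructed sample addresses from the documentation ranges.
    s6 = MaskedIpSet("inet6", 64)   # same netmask as the shorewall6-ip set in the post
    stored6 = str(s6.add("2001:db8:1:2::beef"))
    s4 = MaskedIpSet("inet", 30)    # same netmask as the documentation's create example
    stored4 = str(s4.add("192.0.2.9"))
    return {
        "stored6": stored6,
        "same_64": s6.test("2001:db8:1:2:ffff::1"),
        "other_64": s6.test("2001:db8:1:3::1"),
        "stored4": stored4,
        "same_30": s4.test("192.0.2.11"),
        "other_30": s4.test("192.0.2.12"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With netmask 64, every host in the same /64 as an added source address matches the set until the entry times out, so the prefix length determines how many neighbouring hosts are blocked along with the offender.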