* how do you add multiple addresses for -s??
@ 2004-01-12 17:15 Technical
2004-01-12 17:21 ` Antony Stone
2004-01-12 18:01 ` John A. Sullivan III
0 siblings, 2 replies; 4+ messages in thread
From: Technical @ 2004-01-12 17:15 UTC (permalink / raw)
To: netfilter
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: how do you add multiple addresses for -s??
2004-01-12 17:15 how do you add multiple addresses for -s?? Technical
@ 2004-01-12 17:21 ` Antony Stone
2004-01-12 18:01 ` John A. Sullivan III
1 sibling, 0 replies; 4+ messages in thread
From: Antony Stone @ 2004-01-12 17:21 UTC (permalink / raw)
To: netfilter
Use multiple rules, in a user-defined chain if you like.
Antony.
Please reply to the list;
please don't CC me.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: how do you add multiple addresses for -s??
2004-01-12 17:15 how do you add multiple addresses for -s?? Technical
2004-01-12 17:21 ` Antony Stone
@ 2004-01-12 18:01 ` John A. Sullivan III
2004-01-12 22:05 ` Rodrigo Severo
1 sibling, 1 reply; 4+ messages in thread
From: John A. Sullivan III @ 2004-01-12 18:01 UTC (permalink / raw)
To: Technical; +Cc: netfilter
I do not think one can. One can use a subnet,e.g., -s 10.1.1.16/28. If
the addresses do not fall into a single subnet, one can use a range with
the iprange patch in patch-o-matic. Failing that, there is a handy
utility at http://subnetcreator.sourceforge.net which can convert an
iprange into a series of subnets so that one can make a series of subnet
rules for a range, e.g, -s 10.1.1.10/31 -j ACCEPT, -s 10.1.1.11/30 -j
ACCEPT, -s 10.1.1.12/30 -j ACCEPT, -s 10.1.1.16/30 and 10.1.1.20/32 for
the range 10.1.1.10-20. We use it extensively to create NETMAP rules to
resolve IP network address conflicts in the ISCS network security
project (http://iscs.sourceforge.net). Other than that, I think you're
stuck :-)
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: how do you add multiple addresses for -s??
2004-01-12 18:01 ` John A. Sullivan III
@ 2004-01-12 22:05 ` Rodrigo Severo
0 siblings, 0 replies; 4+ messages in thread
From: Rodrigo Severo @ 2004-01-12 22:05 UTC (permalink / raw)
To: netfilter
John A. Sullivan III wrote:
> I do not think one can. One can use a subnet,e.g., -s 10.1.1.16/28. If
> the addresses do not fall into a single subnet, one can use a range with
> the iprange patch in patch-o-matic. Failing that, there is a handy
> utility at http://subnetcreator.sourceforge.net which can convert an
> iprange into a series of subnets so that one can make a series of subnet
> rules for a range, e.g, -s 10.1.1.10/31 -j ACCEPT, -s 10.1.1.11/30 -j
> ACCEPT, -s 10.1.1.12/30 -j ACCEPT, -s 10.1.1.16/30 and 10.1.1.20/32 for
> the range 10.1.1.10-20. We use it extensively to create NETMAP rules to
> resolve IP network address conflicts in the ISCS network security
> project (http://iscs.sourceforge.net). Other than that, I think you're
> stuck :-)
Another option is to use the ippool match.
Rodrigo Severo
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2004-01-12 22:05 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2004-01-12 17:15 how do you add multiple addresses for -s?? Technical
2004-01-12 17:21 ` Antony Stone
2004-01-12 18:01 ` John A. Sullivan III
2004-01-12 22:05 ` Rodrigo Severo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.