* mask 10 -> 29
@ 2009-04-15 15:59 Mihamina Rakotomandimby (R12y)
  2009-04-15 16:37 ` Gáspár Lajos
  2009-04-15 17:22 ` Martin Millnert
  0 siblings, 2 replies; 4+ messages in thread
From: Mihamina Rakotomandimby (R12y) @ 2009-04-15 15:59 UTC
  To: netfilter

Hi,
I have this kind of shell script in order to set something on a bunch of IP 
addresses:

for ACCEPTED_MACHINE in \
     192.168.0.10 \
     192.168.0.11 \
     192.168.0.12 \
     192.168.0.13 \
     192.168.0.14 \
     192.168.0.15 \
     192.168.0.16 \
     192.168.0.17 \
     192.168.0.18 \
     192.168.0.19 \
     192.168.0.20 \
     192.168.0.21 \
     192.168.0.22 \
     192.168.0.23 \
     192.168.0.24 \
     192.168.0.25 \
     192.168.0.26 \
     192.168.0.27 \
     192.168.0.28 \
     192.168.0.29
do
$IPTABLES [...]
done


How could I use a mask such as 192.168.0.0/NN to exactly match the list?
Thank you.

-- 
                              Project manager at Vectoris
                                  Phone: +261 33 11 207 36
System: xUbuntu 8.10 with almost all from package install
    http://www.google.com/search?q=mihamina+rakotomandimby


* Re: mask 10 -> 29
  2009-04-15 15:59 mask 10 -> 29 Mihamina Rakotomandimby (R12y)
@ 2009-04-15 16:37 ` Gáspár Lajos
  2009-04-15 17:06   ` Nikolay S. Rybaloff
  2009-04-15 17:22 ` Martin Millnert
  1 sibling, 1 reply; 4+ messages in thread
From: Gáspár Lajos @ 2009-04-15 16:37 UTC
  To: Mihamina Rakotomandimby (R12y); +Cc: netfilter

Hi,

Mihamina Rakotomandimby (R12y) wrote:
> Hi,
> I have this kind of shell script in order to set something on a bunch 
> of IP addresses:
>
> for ACCEPTED_MACHINE in \
>     192.168.0.10 \
...
>    192.168.0.29
> do
> $IPTABLES [...]
> done
>
>
> How could I use a mask such as 192.168.0.0/NN to exactly match the list?
> Thank you.
>
Use ipcalc!

The closest subnet is:

ipcalc 192.168.0.10/27
Address:   192.168.0.10         11000000.10101000.00000000.000 01010
Netmask:   255.255.255.224 = 27 11111111.11111111.11111111.111 00000
Wildcard:  0.0.0.31             00000000.00000000.00000000.000 11111
=>
Network:   192.168.0.0/27       11000000.10101000.00000000.000 00000
HostMin:   192.168.0.1          11000000.10101000.00000000.000 00001
HostMax:   192.168.0.30         11000000.10101000.00000000.000 11110
Broadcast: 192.168.0.31         11000000.10101000.00000000.000 11111
Hosts/Net: 30                    Class C, Private Internet

Check HostMin and HostMax!

Swifty




* Re: mask 10 -> 29
  2009-04-15 16:37 ` Gáspár Lajos
@ 2009-04-15 17:06   ` Nikolay S. Rybaloff
  0 siblings, 0 replies; 4+ messages in thread
From: Nikolay S. Rybaloff @ 2009-04-15 17:06 UTC
  To: Mihamina Rakotomandimby (R12y); +Cc: netfilter

Yeah, that is exactly why no one uses decimals for network subdivision.

192.168.0.10-192.168.0.30 cannot be matched with a single VLSM expression. 
The exact match would be a set:

192.168.0.10/31
192.168.0.12/30
192.168.0.16/29
192.168.0.24/30
192.168.0.28/31



--------------------------------------------------
From: "Gáspár Lajos" <swifty@freemail.hu>
Sent: Wednesday, April 15, 2009 8:37 PM
To: "Mihamina Rakotomandimby (R12y)" <mihamina@lab.vectoris.fr>
Cc: <netfilter@vger.kernel.org>
Subject: Re: mask 10 -> 29

> Hi,
>
> Mihamina Rakotomandimby (R12y) wrote:
>> Hi,
>> I have this kind of shell script in order to set something on a bunch of 
>> IP addresses:
>>
>> for ACCEPTED_MACHINE in \
>>     192.168.0.10 \
> ...
>>    192.168.0.29
>> do
>> $IPTABLES [...]
>> done
>>
>>
>> How could I use a mask such as 192.168.0.0/NN to exactly match the list?
>> Thank you.
>>
> Use ipcalc!
>
> The closest subnet is:
>
> ipcalc 192.168.0.10/27
> Address:   192.168.0.10         11000000.10101000.00000000.000 01010
> Netmask:   255.255.255.224 = 27 11111111.11111111.11111111.111 00000
> Wildcard:  0.0.0.31             00000000.00000000.00000000.000 11111
> =>
> Network:   192.168.0.0/27       11000000.10101000.00000000.000 00000
> HostMin:   192.168.0.1          11000000.10101000.00000000.000 00001
> HostMax:   192.168.0.30         11000000.10101000.00000000.000 11110
> Broadcast: 192.168.0.31         11000000.10101000.00000000.000 11111
> Hosts/Net: 30                    Class C, Private Internet
>
> Check HostMin and HostMax!
>
> Swifty
>
>


* Re: mask 10 -> 29
  2009-04-15 15:59 mask 10 -> 29 Mihamina Rakotomandimby (R12y)
  2009-04-15 16:37 ` Gáspár Lajos
@ 2009-04-15 17:22 ` Martin Millnert
  1 sibling, 0 replies; 4+ messages in thread
From: Martin Millnert @ 2009-04-15 17:22 UTC
  To: Mihamina Rakotomandimby (R12y); +Cc: netfilter


On Wed, 2009-04-15 at 18:59 +0300, Mihamina Rakotomandimby (R12y) wrote:
> Hi,
> I have this kind of shell script in order to set something on a bunch of IP 
> addresses:
> 
> for ACCEPTED_MACHINE in \
>      192.168.0.10 \
>      192.168.0.11 \
>      192.168.0.12 \
>      192.168.0.13 \
>      192.168.0.14 \
>      192.168.0.15 \
>      192.168.0.16 \
>      192.168.0.17 \
>      192.168.0.18 \
>      192.168.0.19 \
>      192.168.0.20 \
>      192.168.0.21 \
>      192.168.0.22 \
>      192.168.0.23 \
>      192.168.0.24 \
>      192.168.0.25 \
>      192.168.0.26 \
>      192.168.0.27 \
>      192.168.0.28 \
>      192.168.0.29
> do
> $IPTABLES [...]
> done
> 
> 
> How could I use a mask such as 192.168.0.0/NN to exactly match the list?
> Thank you.
> 

Hi Mihamina,

Possible exact solutions include either:
  aggregate - { ftp://ftp.isc.org/isc/aggregate/ |
http://packages.debian.org/aggregate }  - cidr aggregation
  or,
  iptables -m iprange  - non-cidr consecutive IP-ranges matching

Examples:

  aggregate

anticimex@natalie:/tmp$ awk '{print $1 "/32"}' << EOF | aggregate
> 192.168.0.10
> 192.168.0.11
> 192.168.0.12
> 192.168.0.13
> 192.168.0.14
> 192.168.0.15
> 192.168.0.16
> 192.168.0.17
> 192.168.0.18
> 192.168.0.19
> 192.168.0.20
> 192.168.0.21
> 192.168.0.22
> 192.168.0.23
> 192.168.0.24
> 192.168.0.25
> 192.168.0.26
> 192.168.0.27
> 192.168.0.28
> 192.168.0.29
> EOF
aggregate: maximum prefix length permitted will be 32
192.168.0.10/31
192.168.0.12/30
192.168.0.16/29
192.168.0.24/30
192.168.0.28/31
anticimex@natalie:/tmp$ 


  iptables -m iprange

natalie:~# iptables -A INPUT -i eth2 -m iprange --src-range 192.168.0.10-192.168.0.29    
natalie:~# iptables -nvL INPUT 
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  eth2   *       0.0.0.0/0            0.0.0.0/0           source IP range 192.168.0.10-192.168.0.29 
natalie:~# 

anticimex@natalie:/tmp$ /sbin/iptables -m iprange -h
<snip>
iprange match options:
[!] --src-range ip-ip        Match source IP in the specified range
[!] --dst-range ip-ip        Match destination IP in the specified range


Hope this helps.

Regards,
-- 
Martin Millnert <millnert@csbnet.se>
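
Added example, not part of any message in this thread: a POSIX sh sketch of the range-to-CIDR split that aggregate performs on the list above, plus a check of how far the single "closest subnet" overmatches. The function names (ip2int, int2ip, range_to_cidrs, covering_prefix) are hypothetical, and the sample range is the one from the original question.

```shell
#!/bin/sh
# Added example: all function names below are hypothetical helpers.

ip2int() {                      # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1                   # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {                      # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Exact cover: smallest list of CIDR blocks matching first..last and nothing else.
range_to_cidrs() {
    lo=$(ip2int "$1"); hi=$(ip2int "$2")
    while [ "$lo" -le "$hi" ]; do
        size=$(( $lo & -$lo ))  # largest block that is still aligned at lo
        if [ "$size" -eq 0 ]; then size=4294967296; fi
        while [ $(( $lo + $size - 1 )) -gt "$hi" ]; do
            size=$(( $size >> 1 ))   # halve until the block ends inside the range
        done
        bits=0; s=$size              # bits = log2(size) = number of host bits
        while [ "$s" -gt 1 ]; do s=$(( $s >> 1 )); bits=$(( $bits + 1 )); done
        echo "$(int2ip "$lo")/$(( 32 - $bits ))"
        lo=$(( $lo + $size ))
    done
}

# Single covering prefix, followed by the number of addresses outside
# first..last that a rule on that prefix would also match.
covering_prefix() {
    lo=$(ip2int "$1"); hi=$(ip2int "$2"); host=0
    while [ $(( $lo >> $host )) -ne $(( $hi >> $host )) ]; do host=$(( $host + 1 )); done
    net=$(( ($lo >> $host) << $host ))
    echo "$(int2ip "$net")/$(( 32 - $host )) $(( (1 << $host) - ($hi - $lo + 1) ))"
}

# Sample input: the range from the original question.
range_to_cidrs 192.168.0.10 192.168.0.29
covering_prefix 192.168.0.10 192.168.0.29
```

The second call reports how many addresses a rule written against the single covering prefix would match beyond the intended twenty, which is the reason to use the exact CIDR set or -m iprange in an accept rule.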
