* mask 10 -> 29
@ 2009-04-15 15:59 Mihamina Rakotomandimby (R12y)
2009-04-15 16:37 ` Gáspár Lajos
2009-04-15 17:22 ` Martin Millnert
0 siblings, 2 replies; 4+ messages in thread
From: Mihamina Rakotomandimby (R12y) @ 2009-04-15 15:59 UTC (permalink / raw)
To: netfilter
Hi,
I have this kind of shell script in order to set something on a bunch of IP
addresses:
for ACCEPTED_MACHINE in \
192.168.0.10 \
192.168.0.11 \
192.168.0.12 \
192.168.0.13 \
192.168.0.14 \
192.168.0.15 \
192.168.0.16 \
192.168.0.17 \
192.168.0.18 \
192.168.0.19 \
192.168.0.20 \
192.168.0.21 \
192.168.0.22 \
192.168.0.23 \
192.168.0.24 \
192.168.0.25 \
192.168.0.26 \
192.168.0.27 \
192.168.0.28 \
192.168.0.29
do
$IPTABLES [...]
done
How could I use a mask such as 192.168.0.0/NN to exactly match the list?
Thank you.
--
Chef de projet chez Vectoris
Phone: +261 33 11 207 36
System: xUbuntu 8.10 with almost all from package install
http://www.google.com/search?q=mihamina+rakotomandimby
* Re: mask 10 -> 29
2009-04-15 15:59 mask 10 -> 29 Mihamina Rakotomandimby (R12y)
@ 2009-04-15 16:37 ` Gáspár Lajos
2009-04-15 17:06 ` Nikolay S. Rybaloff
2009-04-15 17:22 ` Martin Millnert
1 sibling, 1 reply; 4+ messages in thread
From: Gáspár Lajos @ 2009-04-15 16:37 UTC (permalink / raw)
To: Mihamina Rakotomandimby (R12y); +Cc: netfilter
Hi,
Mihamina Rakotomandimby (R12y) wrote:
> Hi,
> I have this kind of shell script in order to set something on a bunch
> of IP addresses:
>
> for ACCEPTED_MACHINE in \
> 192.168.0.10 \
...
> 192.168.0.29
> do
> $IPTABLES [...]
> done
>
>
> How could I use a mask such as 192.168.0.0/NN to exactly match the list?
> Thank you.
>
Use ipcalc!
The closest subnet is:
ipcalc 192.168.0.10/27
Address:   192.168.0.10         11000000.10101000.00000000.000 01010
Netmask:   255.255.255.224 = 27 11111111.11111111.11111111.111 00000
Wildcard:  0.0.0.31             00000000.00000000.00000000.000 11111
=>
Network:   192.168.0.0/27       11000000.10101000.00000000.000 00000
HostMin:   192.168.0.1          11000000.10101000.00000000.000 00001
HostMax:   192.168.0.30         11000000.10101000.00000000.000 11110
Broadcast: 192.168.0.31         11000000.10101000.00000000.000 11111
Hosts/Net: 30                   Class C, Private Internet
Check HostMin and HostMax!
Swifty
* Re: mask 10 -> 29
2009-04-15 16:37 ` Gáspár Lajos
@ 2009-04-15 17:06 ` Nikolay S. Rybaloff
0 siblings, 0 replies; 4+ messages in thread
From: Nikolay S. Rybaloff @ 2009-04-15 17:06 UTC (permalink / raw)
To: Mihamina Rakotomandimby (R12y); +Cc: netfilter
Yeah, that is exactly why no one uses decimals for network subdivision.
192.168.0.10-192.168.0.30 cannot be matched with a single VLSM expression.
The exact match would be a set:
192.168.0.10/31
192.168.0.12/30
192.168.0.16/29
192.168.0.24/30
192.168.0.28/31
--------------------------------------------------
From: "Gáspár Lajos" <swifty@freemail.hu>
Sent: Wednesday, April 15, 2009 8:37 PM
To: "Mihamina Rakotomandimby (R12y)" <mihamina@lab.vectoris.fr>
Cc: <netfilter@vger.kernel.org>
Subject: Re: mask 10 -> 29
> Hi,
>
> Mihamina Rakotomandimby (R12y) wrote:
>> Hi,
>> I have this kind of shell script in order to set something on a bunch of
>> IP addresses:
>>
>> for ACCEPTED_MACHINE in \
>> 192.168.0.10 \
> ...
>> 192.168.0.29
>> do
>> $IPTABLES [...]
>> done
>>
>>
>> How could I use a mask such as 192.168.0.0/NN to exactly match the list?
>> Thank you.
>>
> Use ipcalc!
>
> The closest subnet is:
>
> ipcalc 192.168.0.10/27
> Address: 192.168.0.10 11000000.10101000.00000000.000 01010
> Netmask: 255.255.255.224 = 27 11111111.11111111.11111111.111 00000
> Wildcard: 0.0.0.31 00000000.00000000.00000000.000 11111
> =>
> Network: 192.168.0.0/27 11000000.10101000.00000000.000 00000
> HostMin: 192.168.0.1 11000000.10101000.00000000.000 00001
> HostMax: 192.168.0.30 11000000.10101000.00000000.000 11110
> Broadcast: 192.168.0.31 11000000.10101000.00000000.000 11111
> Hosts/Net: 30 Class C, Private Internet
>
> Check HostMin and HostMax!
>
> Swifty
* Re: mask 10 -> 29
2009-04-15 15:59 mask 10 -> 29 Mihamina Rakotomandimby (R12y)
2009-04-15 16:37 ` Gáspár Lajos
@ 2009-04-15 17:22 ` Martin Millnert
1 sibling, 0 replies; 4+ messages in thread
From: Martin Millnert @ 2009-04-15 17:22 UTC (permalink / raw)
To: Mihamina Rakotomandimby (R12y); +Cc: netfilter
On Wed, 2009-04-15 at 18:59 +0300, Mihamina Rakotomandimby (R12y) wrote:
> Hi,
> I have this kind of shell script in order to set something on a bunch of IP
> addresses:
>
> for ACCEPTED_MACHINE in \
> 192.168.0.10 \
> 192.168.0.11 \
> 192.168.0.12 \
> 192.168.0.13 \
> 192.168.0.14 \
> 192.168.0.15 \
> 192.168.0.16 \
> 192.168.0.17 \
> 192.168.0.18 \
> 192.168.0.19 \
> 192.168.0.20 \
> 192.168.0.21 \
> 192.168.0.22 \
> 192.168.0.23 \
> 192.168.0.24 \
> 192.168.0.25 \
> 192.168.0.26 \
> 192.168.0.27 \
> 192.168.0.28 \
> 192.168.0.29
> do
> $IPTABLES [...]
> done
>
>
> How could I use a mask such as 192.168.0.0/NN to exactly match the list?
> Thank you.
>
Hi Mihamina,
Possible exact solutions include either:
aggregate - { ftp://ftp.isc.org/isc/aggregate/ |
http://packages.debian.org/aggregate } - cidr aggregation
or,
iptables -m iprange - non-cidr consecutive IP-ranges matching
Examples:
aggregate
anticimex@natalie:/tmp$ awk '{print $1 "/32"}' << EOF | aggregate
> 192.168.0.10
> 192.168.0.11
> 192.168.0.12
> 192.168.0.13
> 192.168.0.14
> 192.168.0.15
> 192.168.0.16
> 192.168.0.17
> 192.168.0.18
> 192.168.0.19
> 192.168.0.20
> 192.168.0.21
> 192.168.0.22
> 192.168.0.23
> 192.168.0.24
> 192.168.0.25
> 192.168.0.26
> 192.168.0.27
> 192.168.0.28
> 192.168.0.29
> EOF
aggregate: maximum prefix length permitted will be 32
192.168.0.10/31
192.168.0.12/30
192.168.0.16/29
192.168.0.24/30
192.168.0.28/31
anticimex@natalie:/tmp$
iptables -m iprange
natalie:~# iptables -A INPUT -i eth2 -m iprange --src-range 192.168.0.10-192.168.0.29
natalie:~# iptables -nvL INPUT
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0            all  --  eth2   *       0.0.0.0/0            0.0.0.0/0           source IP range 192.168.0.10-192.168.0.29
natalie:~#
anticimex@natalie:/tmp$ /sbin/iptables -m iprange -h
<snip>
iprange match options:
[!] --src-range ip-ip Match source IP in the specified range
[!] --dst-range ip-ip Match destination IP in the specified range
Hope this helps.
Regards,
--
Martin Millnert <millnert@csbnet.se>
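
Added example, not part of any message in this thread and not the code of aggregate or iptables: POSIX sh functions that split an inclusive IPv4 range into the exact CIDR set discussed above and count how many extra addresses a single wider mask such as /27 would admit. The function names are made up for this example; it assumes 64-bit shell arithmetic and that the range lies inside one block of the given prefix length.

```shell
#!/bin/sh
# Added example: exact CIDR cover for an inclusive IPv4 range (names are hypothetical).

ip_to_int() {            # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1            # split the four octets into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {            # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

range_to_cidrs() {       # usage: range_to_cidrs FIRST_IP LAST_IP
    cur=$(ip_to_int "$1")
    last=$(ip_to_int "$2")
    while [ "$cur" -le "$last" ]; do
        # Largest power-of-two block that is aligned at $cur ...
        size=$(( cur & -cur ))
        if [ "$size" -eq 0 ]; then size=4294967296; fi
        # ... halved until it no longer runs past $last.
        while [ "$size" -gt $(( last - cur + 1 )) ]; do
            size=$(( size / 2 ))
        done
        # Prefix length is 32 - log2(size).
        prefix=32
        s=$size
        while [ "$s" -gt 1 ]; do
            s=$(( s / 2 ))
            prefix=$(( prefix - 1 ))
        done
        echo "$(int_to_ip "$cur")/$prefix"
        cur=$(( cur + size ))
    done
}

overmatch_count() {      # usage: overmatch_count PREFIX_LEN FIRST_IP LAST_IP
    # Addresses a single /PREFIX_LEN block matches beyond the intended range
    # (assumption: FIRST_IP..LAST_IP lies inside one such block).
    net_size=$(( 1 << (32 - $1) ))
    want=$(( $(ip_to_int "$3") - $(ip_to_int "$2") + 1 ))
    echo $(( net_size - want ))
}

# Constructed input: the range asked about in the thread.
range_to_cidrs 192.168.0.10 192.168.0.29
```

The five prefixes it prints can replace the twenty addresses in the original loop, while a single /27 rule would also admit the 12 addresses .0-.9, .30 and .31.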