Firewall Wizards mailing list archives
Re: ip range with iptables
From: mag () bunuel tii matav hu (Magosányi Árpád)
Date: Sat, 19 Apr 2003 13:23:37 +0000
My mail client believes that Wijaya, J. wrote the following:
I am trying to block Yahoo Messenger for my LAN, but only on a certain IP range; how can I do this? I already read some articles saying that we can't do this with iptables, but is there any other way to work around this task?
I ran into the problem just two days ago. József Kadlecsik made some vague promise-like statements on the phone about writing a match for the IP range case. Until then, I wrote some code to break a range into multiple proper subnets. You can find the relevant Python code attached. This code is a snippet from a larger project which is not yet ready for release (a new decision layer for Zorp, which is multilevel secure, can handle data paths through multiple firewalls, with intelligent en- and decapsulation, and hides the technicalities from the firewall admin). What you should know to reuse this code is that an InetBrick represents an IP and port range ((minip,maxip),(minport,maxport)), and that this information is in the brick's "dim" attribute. I will release the whole thing (GPLed, of course) as soon as it is able to pass a plug through. I hope it will be within the next week.
--
GNU GPL: only from a pure source
Attachment:
helpers.py
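The range-splitting step described in the message, as an added example: this is not the attached helpers.py (which is not reproduced on this page) and not code from the poster or the Zorp project. The `dim` tuple layout follows the message; the function names, the sample addresses, port 5050, and the FORWARD chain are assumptions.

```python
import ipaddress


def range_to_cidrs(min_ip, max_ip):
    """Split the inclusive IPv4 range [min_ip, max_ip] into aligned CIDR blocks."""
    lo = int(ipaddress.IPv4Address(min_ip))
    hi = int(ipaddress.IPv4Address(max_ip))
    if lo > hi:
        raise ValueError("min_ip is greater than max_ip")
    blocks = []
    while lo <= hi:
        # Largest block that can start at lo: its lowest set bit (2**32 if lo is 0).
        size = (lo & -lo) if lo else 1 << 32
        # Halve the block until it no longer runs past the end of the range.
        while size > hi - lo + 1:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(f"{ipaddress.IPv4Address(lo)}/{prefix}")
        lo += size
    return blocks


def brick_to_rules(dim, chain="FORWARD", proto="tcp"):
    """Turn ((minip, maxip), (minport, maxport)) into one DROP rule per subnet."""
    (min_ip, max_ip), (min_port, max_port) = dim
    if not 0 <= min_port <= max_port <= 65535:
        raise ValueError("invalid port range")
    # iptables --dport takes a single port or a min:max range.
    port = str(min_port) if min_port == max_port else f"{min_port}:{max_port}"
    return [
        f"iptables -A {chain} -s {cidr} -p {proto} --dport {port} -j DROP"
        for cidr in range_to_cidrs(min_ip, max_ip)
    ]


# Constructed sample: LAN hosts .10 to .50, one destination port (assumed value).
SAMPLE_DIM = (("192.168.1.10", "192.168.1.50"), (5050, 5050))

if __name__ == "__main__":
    print("\n".join(brick_to_rules(SAMPLE_DIM)))
```

A range that does not fall on subnet boundaries expands into several rules (six for the sample above), which is the rule growth a dedicated range match would avoid.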