Firewall Wizards mailing list archives
Re: IP Ranges
From: Sergio Pozo Hidalgo <sergio () lsi us es>
Date: Fri, 30 Mar 2007 16:51:36 +0200
Security Guy wrote:
> specifically regarding PIX Object groups do make ACL management a whole lot easier, but you're still stuck specifying hosts or contiguous networks within the group, you can't just put in a range like 192.168.10.15-28 that doesn't summarize nicely.
Mmmm. I was thinking and experimenting with several subnet calculators, and I conclude that the only ranges that can be specified are of the kind IP/CIDR, because if you specify something like 192.168.1.20-30 it can mean that range of ten IPs (in this case, in other cases it can be several IPs), or it can mean:

192.168.1.20/255.255.255.252
192.168.1.24/255.255.255.252
192.168.1.28/255.255.255.254
192.168.1.30/255.255.255.255

which aren't in the same network range...

In any case, you cannot specify which of the two options you want, and IPTables documentation doesn't say it. I think that this is one of the reasons why the ip-range option is not a very useful one, and is only implemented (I suppose) in IPTables 2.4 and 2.6.

-Sergio
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
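The split of a range into address/mask blocks discussed in this message, worked out as an added example (not part of the original post): a greedy decomposition of an inclusive range into aligned CIDR blocks, rendered as PIX `network-object` lines. The group name `RANGE_HOSTS` and all function names are hypothetical.

```python
import ipaddress

def parse_short_range(text):
    """Parse '192.168.1.20-30' (last-octet shorthand) or 'a.b.c.d-e.f.g.h'."""
    start_s, end_s = (part.strip() for part in text.split("-", 1))
    start = ipaddress.IPv4Address(start_s)
    if "." not in end_s:
        # Shorthand: the end value replaces only the last octet of the start.
        end_s = start_s.rsplit(".", 1)[0] + "." + end_s
    end = ipaddress.IPv4Address(end_s)
    if end < start:
        raise ValueError(f"range end {end} is below start {start}")
    return start, end

def range_to_cidrs(start, end):
    """Greedy split: at each step take the largest block that is aligned
    on the current address and does not run past the end of the range."""
    cur, last = int(start), int(end)
    blocks = []
    while cur <= last:
        # Largest power-of-two block size the alignment of cur allows.
        align = cur & -cur if cur else 1 << 32
        # Largest power-of-two block size that fits in what is left.
        fit = 1 << ((last - cur + 1).bit_length() - 1)
        size = min(align, fit)
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((cur, prefix)))
        cur += size
    return blocks

def pix_object_group(name, blocks):
    """Render the blocks as PIX object-group lines (group name is made up)."""
    lines = [f"object-group network {name}"]
    for net in blocks:
        if net.prefixlen == 32:
            lines.append(f" network-object host {net.network_address}")
        else:
            lines.append(f" network-object {net.network_address} {net.netmask}")
    return lines

if __name__ == "__main__":
    # The two ranges mentioned in the thread.
    for text in ("192.168.1.20-30", "192.168.10.15-28"):
        blocks = range_to_cidrs(*parse_short_range(text))
        print(f"! {text}")
        print("\n".join(pix_object_group("RANGE_HOSTS", blocks)))
```
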