address match list syntaxs
George Young
gyoung at gldata.com
Mon Oct 8 01:33:01 UTC 2001
You mean A.B.C.D/E + A.B.C+1.D/E = A.B.C.D/E-1 right?
Assuming C is even.
If thats not what you mean then I don't understand.
george
< Give most addresses are actually handed out aligned this
< is usually not a problem. If you really want to reduce the
< length of the acl request a CIDR aligned address block.
< You will have to renumber but you won't be forever having to
< add several entries when one would do if you had aligned
< address space.
<
< Remember A.B.C.D/E + A.B.C.D+1/E can always be reduced to
< A.B.C.D/E-1 if D is even, which makes it pretty easy to
< see where you can reduce expressions on the fly.
<
< Mark
<
<>
<> Thank you for your responses - I was hoping there was a wild
<card type
<> option, kinda of like using the $GENERATE statement in the
<zone files. This
<> is an ongoing problem here with all these subnets. Addresses
<are assigned in
<> blocks (usually contiguous) to the various divisions. For
<this particular
<> problem I will make use of the CIDR concept. Giving my math
<skills this is
<> going to be challenging.
<>
<> Will I be able to get the check-net program to either run on
<Win32 or RedHat
<> 7.1?
<>
<> Thank all for your help - George
<>
<>
<> > Our local subnets are a /24 sequence from 161.241.51/24 to
<161.241.81/24 -
<> <> > (its a private network).
<> <> >
<> <> > Creating an ACL for this group makes a rather long address
<> <match list - ie:
<> <> >
<> <> > acl mylocalsubnets { 161.241.51/24; 161.241.52/24;
<161.241.53/24;
<> <> > 161.241.54/24; .............. > 161.241.81;};
<> <> >
<> <> > I would be REALLY REALLY nice to be able to write it this way
<> <> >
<> <> > acl mylocalsubnets { 161.241.51-81/24;};
<> <> >
<> <> > Thanks!!
<> <> > George Young
<> <>
<>
<> <Scratch that; 1+4+8+16+1 != 31. Here's what I should have written:
<> <
<> < 161.241.51/24;
<> < 161.241.52/22; # covers 52-55 (3rd octet divisible by 4)
<> < 161.241.56/21; # covers 56-63 (3rd octet divisible by 8)
<> < 161.241.64/20; # covers 64-79 (3rd octet divisible by 16)
<> < 161.241.80/23; # covers 80-81 (3rd octet divisible by 2)
<> <
<> <I've written a little utility called 'check-net' which does
<> <the necessary arithmetic to validate a network/CIDR and/or
<> <network:subnetmask specification. It's included in the 'h2n'
<> <distribution at < ftp://ftp.hpl.hp.com/pub/h2n/h2n.tar.gz >.
<> <
<> <Andris Kalnozols
<> <Hewlett-Packard Laboratories
<> <andris at hpl.hp.com
<> <
<> <
<> <
<>
<>
<--
<Mark Andrews, Internet Software Consortium
<1 Seymour St., Dundas Valley, NSW 2117, Australia
<PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
<
More information about the bind-users
mailing list