address match list syntaxs
Andris Kalnozols
andris at hpl.hp.com
Sun Oct 7 21:48:21 UTC 2001
> > Our local subnets are a /24 sequence from 161.241.51/24 to 161.241.81/24 -
> > (its a private network).
> >
> > Creating an ACL for this group makes a rather long address match list - ie:
> >
> > acl mylocalsubnets { 161.241.51/24; 161.241.52/24; 161.241.53/24;
> > 161.241.54/24; .............. > 161.241.81;};
> >
> > I would be REALLY REALLY nice to be able to write it this way
> >
> > acl mylocalsubnets { 161.241.51-81/24;};
> >
> > Thanks!!
> > George Young
>
> This range of 31 contiguous /24 networks can be covered by the
> following specifications:
>
> 161.241.51/24;
> 161.241.52/22; # covers 52-55 (3rd octet divisible by 4)
> 161.241.56/21; # covers 56-63 (3rd octet divisible by 8)
> 161.241.64/20; # covers 64-80 (3rd octet divisible by 16)
> 161.241.81/24;
Scratch that; 1+4+8+16+1 != 31. Here's what I should have written:
161.241.51/24;
161.241.52/22; # covers 52-55 (3rd octet divisible by 4)
161.241.56/21; # covers 56-63 (3rd octet divisible by 8)
161.241.64/20; # covers 64-79 (3rd octet divisible by 16)
161.241.80/23; # covers 80-81 (3rd octet divisible by 2)
I've written a little utility called 'check-net' which does
the necessary arithmetic to validate a network/CIDR and/or
network:subnetmask specification. It's included in the 'h2n'
distribution at < ftp://ftp.hpl.hp.com/pub/h2n/h2n.tar.gz >.
Andris Kalnozols
Hewlett-Packard Laboratories
andris at hpl.hp.com
More information about the bind-users
mailing list