address match list syntaxs

George Young gyoung at gldata.com
Mon Oct 8 01:33:01 UTC 2001 

You mean A.B.C.D/E + A.B.C+1.D/E = A.B.C.D/E-1 right?
Assuming C is even.
If thats not what you mean then I don't  understand.

george

<	Give most addresses are actually handed out aligned this
<	is usually not a problem.  If you really want to reduce the
<	length of the acl request a CIDR aligned address block.
<	You will have to renumber but you won't be forever having to
<	add several entries when one would do if you had aligned
<	address space.
<
<	Remember A.B.C.D/E + A.B.C.D+1/E can always be reduced to
<	A.B.C.D/E-1 if D is even, which makes it pretty easy to
<	see where you can reduce expressions on the fly.
<
<	Mark
<
<> 
<> Thank you for your responses - I was hoping there was a wild 
<card type
<> option, kinda of like using the $GENERATE statement in the 
<zone files. This
<> is an ongoing problem here with all these subnets. Addresses 
<are assigned in
<> blocks (usually contiguous) to the various divisions. For 
<this particular
<> problem I will make use of the CIDR concept. Giving my math 
<skills this is
<> going to be challenging.
<> 
<> Will I be able to get the check-net program to either run on 
<Win32 or RedHat
<> 7.1?
<> 
<> Thank all for your help - George
<> 
<> 
<> > Our local subnets are a /24 sequence from 161.241.51/24 to 
<161.241.81/24 -
<> <> > (its a private network).
<> <> >
<> <> > Creating an ACL for this group makes a rather long address
<> <match list - ie:
<> <> >
<> <> > acl mylocalsubnets { 161.241.51/24; 161.241.52/24; 
<161.241.53/24;
<> <> > 		161.241.54/24; .............. > 161.241.81;};
<> <> >
<> <> > I would be REALLY REALLY nice to be able to write it this way
<> <> >
<> <> > acl mylocalsubnets { 161.241.51-81/24;};
<> <> >
<> <> > Thanks!!
<> <> > George Young
<> <>
<> 
<> <Scratch that; 1+4+8+16+1 != 31.  Here's what I should have written:
<> <
<> <    161.241.51/24;
<> <    161.241.52/22;    # covers 52-55 (3rd octet divisible by 4)
<> <    161.241.56/21;    # covers 56-63 (3rd octet divisible by 8)
<> <    161.241.64/20;    # covers 64-79 (3rd octet divisible by 16)
<> <    161.241.80/23;    # covers 80-81 (3rd octet divisible by 2)
<> <
<> <I've written a little utility called 'check-net' which does
<> <the necessary arithmetic to validate a network/CIDR and/or
<> <network:subnetmask specification.  It's included in the 'h2n'
<> <distribution at < ftp://ftp.hpl.hp.com/pub/h2n/h2n.tar.gz >.
<> <
<> <Andris Kalnozols
<> <Hewlett-Packard Laboratories
<> <andris at hpl.hp.com
<> <
<> <
<> <
<> 
<> 
<--
<Mark Andrews, Internet Software Consortium
<1 Seymour St., Dundas Valley, NSW 2117, Australia
<PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
<

More information about the bind-users mailing list