On 26 February 2010 c. 20:23:31 Leonardo Carneiro - Veltrac wrote:
> Is it possible to write a rule based on an arbitrary IP rule instead
> using a full subnet as source address like this?
>
> hosts_allowed="{ 192.168.0.21-40 }"
>
> And even using a single host on this following rule, I get a syntax
> error. Can someone point out what is wrong?
>
> host_allowed="192.168.0.21"
> im_server="192.168.1.2"
> block out on $inet_iface inet proto tcp from ! { $host_allowed,
> $im_server } to any port 1863

First of all, this rule will NOT do what you think it will do. It expands
(theoretically) to two rules:

block out on $inet_iface inet proto tcp from ! $host_allowed \
    to any port 1863
block out on $inet_iface inet proto tcp from ! $im_server \
    to any port 1863

As a result, all traffic will be blocked: traffic from $im_server will
be blocked by the first rule, and traffic from $host_allowed will be
blocked by the second one.

--
  Best wishes,
    Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
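
The expansion described in the reply above, next to the usual way around it, as an added example that is not part of the original message. The interface name em0 and the table name <im_allowed> are assumptions; the addresses and port are the ones from the thread.

```pf
# Macros from the thread; em0 is a placeholder interface name.
inet_iface   = "em0"
host_allowed = "192.168.0.21"
im_server    = "192.168.1.2"

# Problem form: a negated list.
#   block out on $inet_iface inet proto tcp \
#       from ! { $host_allowed, $im_server } to any port 1863
# Each list member becomes its own rule, so every source matches at
# least one of them:
#   from ! 192.168.0.21  matches 192.168.1.2  (and everything else)
#   from ! 192.168.1.2   matches 192.168.0.21 (and everything else)

# Table form: the negation applies to the table as a whole, so this
# stays a single rule that matches only sources NOT in the table.
table <im_allowed> const { $host_allowed, $im_server }

block out on $inet_iface inet proto tcp \
    from ! <im_allowed> to any port 1863
```

Running pfctl -nf on the file checks the syntax without loading it, and pfctl -sr after loading prints the rules as pf actually expanded them.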
