Awesome!

Thank you, I will give this a shot.

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Bill Cole
Sent: Tuesday, November 15, 2016 6:20 PM
To: Postfix users <postfix-users@postfix.org>
Subject: Re: Using consecutive IPs in a client access file

On 15 Nov 2016, at 13:07, Gomes, Rich wrote:

> Just a quick question since I have not found a way in my Googling.
>
> We are replacing some of our internal Exchange relays with postfix.
> Currently we have other internal postfix relays which utilize a client 
> access file to allow relaying.
> The file contains all single IPs, no ranges.
>
> The Exchange servers have some groups of consecutive IPs on their 
> allow list, some cover 5 or 6 IPs, others 100.
> Is there a way to provide the same list, i.e.
> 192.168.0.2-12        OK
>
> without:
>
> Listing them all individually
> i.e.
> 192.168.0.2   OK
> 192.168.0.3   OK
> Etc...
> Or
> Allowing an entire subnet
> 192.168.0.0/24        OK
>
>
> If not possible, that's fine, I will just list them by hand, just 
> hoping there was a native way to do it.

No, there's not.

However, I happened to have an old Perl script lying around for other purposes 
that took about 2 minutes to turn into something that takes a loosely-formatted 
text file with one IP spec (single, range, or CIDR) per line and spits out a 
Postfix CIDR table with the aggregate of all specs in a minimal set of CIDR 
blocks, each with OK as the action. On many systems you'd need to install the 
Net::CIDR::Lite Perl module for this to work. If your input is a clean list of 
single IPs and ranges, one per line, you can remove lines 17-25 (which are an 
artifact of my original script's loose input.)

#!/usr/bin/env perl
# Input file is text with lines of the general form:
#
#  [IP|IP range|CIDR][whitespace+comment]
#
# Ranges are de-spaced, then anything from the first whitespace to EOL is discarded
#
# Output is a Postfix CIDR table with lines of form:
#
#  <CIDR><TAB>OK

use Net::CIDR::Lite;

$list=Net::CIDR::Lite->new ;
while (<>)
{
    # de-space ranges
    s/ ?- ?/-/;

    # toss out comments after the IP spec & whitespace
    s/\s+.*//;

    # oops, this was an indented line with no IP spec, move along
    next if ( !  m/./ );

    # canonicalize shorthanded ranges
    if ( m/^\d+\.\d+\.\d+\.\d+-\d+$/) {
       s/^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)$/$1.$2.$3.$4-$1.$2.$3.$5/;
    }
    $list->add_any($_);
}

$list->clean();
@cidrs=$list->list;

foreach $cidr (@cidrs) { print "$cidr\tOK\n"; }
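
Added example, not part of the original thread or of the script above: a Python check that a generated CIDR table allows exactly the addresses named by the input specs, since an over-broad block in a relay access list widens who may relay. It assumes clean IPv4 specs and table lines of the form <CIDR><TAB>OK; the function names and sample tables are constructed for illustration.

```python
import ipaddress

def expand_spec(spec):
    """Networks covering one spec: single IP, CIDR, a.b.c.d-a.b.c.e or a.b.c.d-e."""
    spec = spec.replace(" ", "")
    if "-" not in spec:
        return [ipaddress.IPv4Network(spec)]      # rejects CIDRs with host bits set
    start, end = spec.split("-", 1)
    if "." not in end:                            # shorthand: reuse the first three octets
        end = start.rsplit(".", 1)[0] + "." + end
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)))

def aggregate(specs):
    """Minimal CIDR set covering exactly the addresses named by the specs."""
    return list(ipaddress.collapse_addresses(
        net for spec in specs for net in expand_spec(spec)))

def parse_cidr_table(text):
    """Read '<pattern> OK' lines; blank lines and '#' comment lines are skipped."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2 or fields[1].upper() != "OK":
            raise ValueError(f"unexpected table line: {line!r}")
        nets.append(ipaddress.IPv4Network(fields[0]))
    return list(ipaddress.collapse_addresses(nets))

def audit(specs, table_text):
    """Return (missing, extra): intended blocks the table does not fully cover,
    and table blocks that reach beyond the intended addresses."""
    want, have = aggregate(specs), parse_cidr_table(table_text)
    missing = [w for w in want if not any(w.subnet_of(h) for h in have)]
    extra = [h for h in have if not any(h.subnet_of(w) for w in want)]
    return missing, extra

# Constructed sample: the range from the question and two candidate tables.
SPECS = ["192.168.0.2-12"]
GOOD_TABLE = "".join(f"{net}\tOK\n" for net in aggregate(SPECS))
WIDE_TABLE = "192.168.0.0/24\tOK\n"

if __name__ == "__main__":
    print(GOOD_TABLE, end="")
    print("good:", audit(SPECS, GOOD_TABLE))
    print("wide:", audit(SPECS, WIDE_TABLE))
```

Both lists are collapsed before comparison, so an empty (missing, extra) pair means the table and the specs describe the same set of addresses.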
