Hi,
that's messy, because officially I think you can only specify
binary powers, i.e. blocks of 32, 64, 128 etc. AND the start and end
addresses are tied by the binary representation.
So a block of 64 would be
192.168.1.128/26, which gives .128 to .191 (don't trust my arithmetic -
work it out for yourself) then
192.168.1.192/28 gives you another 16 (.192 to .208).
I interpret the /28 netmask as just saying
"only match the first 28 bits of the address".

Starting at .142 is a pain, but you could do it in far fewer steps than
the 70 you would use specifying it one-by-one.
You should also consider filtering it in a new separate chain so every
packet doesn't have to go through it.
e.g. if it matches .128/25 then jump to xxchain. Then at least the bottom
half of the subnet does not need to go through the whole set of tests.

Cameron.


> -----Original Message-----
> From: Luke Brown [mailto:luke@;cwr.uwa.edu.au] 
> Sent: Tuesday, 12 November 2002 11:55
> To: [EMAIL PROTECTED]
> Subject: RE: Iptables
> 
> My problem is that I need to represent a range in the middle
> of the subnet (.142 thru to .210). I wasn't aware of a way to
> make subnets like that, unless I was to split it say three
> ways and only applying the rule to the middle range?
> 



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
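
The decomposition discussed in this thread, as an added example that is not part of the original messages: it splits .142 through .210 into aligned CIDR blocks and builds the rules for a separate chain gated on .128/25. The 192.168.1.0/24 network and the `xxchain` name follow the reply above; the `INPUT` parent chain and `ACCEPT` target are assumptions.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Split an inclusive IPv4 range into the fewest aligned CIDR blocks."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address is above last address")
    blocks = []
    while lo <= hi:
        # A block of 2^k addresses must start on a multiple of 2^k, so the
        # lowest set bit of lo caps the block size that can begin there.
        size = lo & -lo if lo else 1 << 32
        # Shrink until the block no longer runs past the end of the range.
        while size > hi - lo + 1:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(f"{ipaddress.IPv4Address(lo)}/{prefix}")
        lo += size
    return blocks

def iptables_rules(first, last, gate, chain="xxchain",
                   parent="INPUT", target="ACCEPT"):
    """Build commands: one gate rule in parent, one rule per block in chain.

    parent and target are assumptions; the thread does not say which
    chain the rule lives in or what it does with matching packets.
    """
    gate_net = ipaddress.IPv4Network(gate)
    cidrs = range_to_cidrs(first, last)
    for cidr in cidrs:
        # A block outside the gate would never be reached by any packet.
        if not ipaddress.IPv4Network(cidr).subnet_of(gate_net):
            raise ValueError(f"{cidr} is outside gate {gate}")
    rules = [f"iptables -N {chain}",
             f"iptables -A {parent} -s {gate} -j {chain}"]
    rules += [f"iptables -A {chain} -s {cidr} -j {target}" for cidr in cidrs]
    return rules

if __name__ == "__main__":
    # Range and gate taken from the thread: .142 through .210 behind .128/25
    for line in iptables_rules("192.168.1.142", "192.168.1.210",
                               "192.168.1.128/25"):
        print(line)
```

For this range the chain ends up with six block rules, and only traffic from the upper half of the subnet is ever tested against them.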
