On Sun, 25 Jul 2010 19:10:42 -0700, <kevin.buck...@ecs.vuw.ac.nz> wrote:
> I recall you said you had machines numbered 192.168.10.1xx? If so, then 192.168.10.0/24 ("slash 24") would be slightly better for you than "slash 8" as that at least narrows things down to all numeric addresses starting with: 192.168.10. If you just wanted to "trust" to a single machine then this: 192.168.10.100/32 represents, in the syntax you have already seen in use, the single machine, 192.168.10.100.
Thanks! The syntax wasn't explained in any of the info I found - which included nothing so basic as a manual or HowTo doc - so I was trying to guess from examples. I figured that /8 meant "mask off the last 8 bits", but apparently it's "mask everything but the first 8".
> Without wishing to make too many guesses as to what FW_TRUSTED_NETS is doing but assuming that you can assign more than one "netmask" in there and armed with the info above, you could add all of your own machines individually by making: FW_TRUSTED_NETS take the values (three machine range, 101 -> 103 here) 192.168.10.100/32 192.168.10.101/32 192.168.10.102/32 and so on: basically, treating each machine as a trusted "network" of one machine.
It also allows listing of individual machines, e.g. "192.168.10.100 192.168.10.101 192.168.10.102...", but I figured it could get tedious updating the list on every machine each time I add one. Thanks, James
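
Added example, not part of the original thread: a short Python audit of the prefix-length semantics discussed above, showing how many addresses each trusted entry actually admits. The sample value, the function names and the assumption that the variable holds a space-separated list of address or address/prefix entries are constructed for illustration; how the firewall script itself parses FW_TRUSTED_NETS is not shown on the page.

```python
import ipaddress

# Constructed sample value: space-separated entries, as the thread describes.
SAMPLE_TRUSTED_NETS = "192.168.10.0/8 192.168.10.0/24 192.168.10.100/32 192.168.10.101"
# The three machines used as the example range in the thread.
OWN_HOSTS = ["192.168.10.100", "192.168.10.101", "192.168.10.102"]

def audit_trusted_nets(value, own_hosts):
    """Return one report per entry of a space-separated trusted-nets string."""
    hosts = [ipaddress.ip_address(h) for h in own_hosts]
    reports = []
    for entry in value.split():
        # strict=False masks off any host bits, so "/8" keeps only the first
        # 8 bits of the address; a bare address is treated as a /32.
        net = ipaddress.ip_network(entry, strict=False)
        covered = [str(h) for h in hosts if h in net]
        reports.append({
            "entry": entry,
            "network": str(net),
            "netmask": str(net.netmask),
            "addresses": net.num_addresses,
            "covers": covered,
            # Addresses trusted by this entry that are not one of our hosts.
            "extra": net.num_addresses - len(covered),
        })
    return reports

def tightest_cover(own_hosts):
    """Smallest single CIDR block that contains every listed host."""
    hosts = [ipaddress.ip_address(h) for h in own_hosts]
    net = ipaddress.ip_network(f"{hosts[0]}/32")
    while not all(h in net for h in hosts):
        net = net.supernet()  # widen by one bit at a time
    return str(net)

if __name__ == "__main__":
    for r in audit_trusted_nets(SAMPLE_TRUSTED_NETS, OWN_HOSTS):
        print(f"{r['entry']:<20} -> {r['network']:<19} mask {r['netmask']:<15} "
              f"{r['addresses']:>9} addrs, {r['extra']} beyond own hosts")
    print("tightest single block:", tightest_cover(OWN_HOSTS))
```

The "extra" figure is the number of addresses an entry trusts beyond the listed machines, which makes the difference between /8, /24 and per-host /32 entries concrete.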