SuSeFirewall2 and range of addresses without using mask

on 17.12.2004 16:17:19 by Greg Shepherd

Hello,

Does anyone know how to set up a range of addresses in a block to allow
certain protocols access without adding them individually (like 10-30) or
using a netmask?

I've tried these examples on my internal network under the masquerade area
using the SuseFirewall2 Webmin module:
10.0.0.100:150,0/0
10.0.0.100-150,0/0
10.0.0.100-10.0.0.150,0/0
10.0.0.100:150,0/0,tcp,80 (web only for testing restricted access)

and some variants.

Can anyone help?

Thanks!

Greg

Re: SuSeFirewall2 and range of addresses without using mask

on 18.12.2004 05:10:38 by Arthur Hagen

Greg Shepherd wrote:
> Hello,
>
> Does anyone know how to set up a range of addresses in a block to
> allow certain protocols access without adding them individually (like
> 10-30) or using a netmask?
>
> I've tried these examples on my internal network under the masquerade
> area using the SuseFirewall2 Webmin module:
> 10.0.0.100:150,0/0
> 10.0.0.100-150,0/0
> 10.0.0.100-10.0.0.150,0/0
> 10.0.0.100:150,0/0,tcp,80 (web only for testing restricted access)
>
> and some variants.
>
> Can anyone help?

Sure. You can't. iptables (which SuSEfirewall2 uses) only allows netmasks.

On the other hand, you can reduce any range into a few subnets. For your
example, you would need 7 entries (fewer if you could include a few extra IP
addresses on each side).

But really, you would want to learn to use subnets instead of ranges --
they're used everywhere, and the routing/filtering is done at the network
level. Ranges are artificial, and not native to how networks work.

Regards,
--
*Art
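
The reduction of a range into subnets described in the reply above, as an added example that is not part of the original thread: it splits 10.0.0.100-10.0.0.150 into the exact CIDR blocks and lists which extra hosts are admitted if the range is widened. The widened bounds (10.0.0.96-10.0.0.151) and the function names are assumptions chosen for illustration; the `source,dest,proto,port` layout follows the entries in the question.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Minimal list of CIDR blocks covering exactly first..last (inclusive)."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]

def extra_hosts(cidrs, first, last):
    """Addresses the CIDR list admits that lie outside the intended range."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return [str(a) for c in cidrs for a in ipaddress.ip_network(c)
            if not lo <= a <= hi]

def masq_entries(cidrs, dest="0/0", proto=None, port=None):
    """Format entries as source,dest[,proto,port], like the lines in the question."""
    suffix = f",{proto},{port}" if proto and port else ""
    return [f"{c},{dest}{suffix}" for c in cidrs]

if __name__ == "__main__":
    # Exact cover of the range asked about in the thread.
    exact = range_to_cidrs("10.0.0.100", "10.0.0.150")
    print(len(exact), "entries, exact cover:")
    print("\n".join(masq_entries(exact, proto="tcp", port=80)))

    # Assumed widening: fewer entries, but more hosts pass the rule.
    wide = range_to_cidrs("10.0.0.96", "10.0.0.151")
    print(len(wide), "entries, widened cover:", wide)
    print("also admitted:", extra_hosts(wide, "10.0.0.100", "10.0.0.150"))
```

The widened cover trades rule count for precision, so the list of additionally admitted hosts is the thing to review before using it.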