SuSeFirewall2 and range of addresses without using mask
on 17.12.2004 16:17:19 by Greg Shepherd
Hello,
Does anyone know how to set up a range of addresses in a block to allow
certain protocols access without adding them individually (like 10-30) or
using a netmask?
I've tried these examples on my internal network under the masquerade area
using the SuseFirewall2 Webmin module:
10.0.0.100:150,0/0
10.0.0.100-150,0/0
10.0.0.100-10.0.0.150,0/0
10.0.0.100:150,0/0,tcp,80 (web only for testing restricted access)
and some variants.
Can anyone help?
Thanks!
Greg
Re: SuSeFirewall2 and range of addresses without using mask
on 18.12.2004 05:10:38 by Arthur Hagen
Greg Shepherd wrote:
> Hello,
>
> Does anyone know how to set up a range of addresses in a block to
> allow certain protocols access without adding them individually (like
> 10-30) or using a netmask?
>
> I've tried these examples on my internal network under the masquerade
> area using the SuseFirewall2 Webmin module:
> 10.0.0.100:150,0/0
> 10.0.0.100-150,0/0
> 10.0.0.100-10.0.0.150,0/0
> 10.0.0.100:150,0/0,tcp,80 (web only for testing restricted access)
>
> and some variants.
>
> Can anyone help?
Sure. You can't. iptables (which SuSEfirewall2 uses) only allows netmasks.
On the other hand, you can reduce any range into a few subnets. For your
example, you would need 7 entries (fewer if you could include a few extra IP
addresses on each side).
But really, you would want to learn using subnets instead of ranges --
they're used everywhere, and the routing/filtering is done at the network
level. Ranges are artificial, and not native to how networks work.
Regards,
--
*Art
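
The reduction of a range into subnets described in the reply, as an added example that is not part of either post: it splits 10.0.0.100-10.0.0.150 into the fewest CIDR blocks, then shows how allowing a few extra addresses on each side shortens the list. The function names and the slack of 4 are assumptions made for the illustration; the printed lines follow the source,destination layout used in the question.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Split the inclusive range first..last into the fewest CIDR blocks."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # A block starting at lo can be no larger than lo's alignment
        # (its lowest set bit) ...
        size = lo & -lo if lo else 1 << 32
        # ... and no larger than what is left of the range.
        while size > hi - lo + 1:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((lo, prefix)))
        lo += size
    return blocks

def widen(first, last, slack):
    """Allow up to `slack` extra addresses on each side and return the
    shortest cover, preferring the one that adds the fewest addresses."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    best = None
    for a in range(max(lo - slack, 0), lo + 1):
        for b in range(hi, min(hi + slack, 2**32 - 1) + 1):
            blocks = range_to_cidrs(a, b)
            key = (len(blocks), (lo - a) + (b - hi))
            if best is None or key < best[0]:
                best = (key, blocks)
    return best[1]

if __name__ == "__main__":
    # Range taken from the question; the slack of 4 is an illustrative choice.
    for label, nets in (
        ("exact", range_to_cidrs("10.0.0.100", "10.0.0.150")),
        ("widened", widen("10.0.0.100", "10.0.0.150", 4)),
    ):
        print(label, len(nets), "entries")
        for net in nets:
            print(f"  {net},0/0")  # source,destination as in the question
```

The widened cover is shorter because it also admits 10.0.0.96-99 and 10.0.0.151, so it only suits a rule where granting those hosts the same access is acceptable.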