Re: [fw-wiz] IP Ranges

---

• From: "Jason Gervia" <level7online@xxxxxxxxx>
• Date: Tue, 27 Mar 2007 15:48:18 -0400

---

Hello,

In regards to cisco PIX - there's no real way to specify a 'range' option
with regards to IP addresses. I'd suggest trying object groups and
specifying which hosts you would like.

In IOS, you could potentially use subnet masks that specified 2,4,8,16, etc
hosts to get the equivalent of a range, but I believe the stateful
firewalling that is part of the pix won't allow that (it will deny
src/destinations of networks or broadcast networks).

I agree, it would be a great thing for cisco to add in a later code
release. Unfortunately it's not here yet.



--Jason

On 3/26/07, Sergio Pozo Hidalgo <sergio@xxxxxxxxx> wrote:

Hi all,
I have been searcing in the list and in google about how to specify ip
ranges in different low level firewall languages.

I have read that it is possible to do that with iptables using
--ip-range parameter. But I could'nt find any information reagarding PIX
or PF using a syntax like iptables one.
I know it is possible to specify contiguous and non-contiguous ip ranges
using subnets (Subnet Calculator is a good application for that), and a
combination of deny and permit rules. But the question is if there is a
way to specify a range using the easy-to-use format of iptables:
192.168.0.1-192.168.2.20 (I know there is a mix of subnets...)

Thank you very much in advance.
Best regards,

--
Sergio Pozo Hidalgo
Quivir Research Group <www.lsi.us.es/~quivir>
University of Seville (Spain)
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

---

• Follow-Ups:
  • Re: [fw-wiz] IP Ranges
    • From: Fetch, Brandon

• References:
  • [fw-wiz] IP Ranges
    • From: Sergio Pozo Hidalgo

• Prev by Date: Re: [fw-wiz] Virtualization and firewalling?
• Next by Date: Re: [fw-wiz] [OT?] Accounting from PIX Logs
• Previous by thread: [fw-wiz] IP Ranges
• Next by thread: Re: [fw-wiz] IP Ranges
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: ASP.NET Images are not displayed ... Richard Hein ... >>and img tag. ... > Would you please tell me how do you specify the picture's location in your ... > Best regards, ... (microsoft.public.vsnet.ide) RE: Filling Text from Another File ... you are using because you didn't specify (I don't think, atleast): ... Dave ... >> Regards, ... (microsoft.public.excel.worksheet.functions) Re: Allen: TechQ ... > specify a writeable drive, like C:, for the changed version. ... > regards, Fred ... guess I am getting back into the UNIX era. ... that is why I miss the o/s I ... (misc.news.internet.discuss) Re: Print VBA code in Editor format colors ... Regards, ... Tom Ogilvy ... > specify the code colors for Normal Text, Comment Text, Keyword Text, etc. ... > This is a wonderful feature when trying to edit a macro. ... (microsoft.public.excel.programming) Re: ManagementEventWatcher.start=OutOfMemoryException ... I have to specify different user/pass for each machine to ... > connect to, but this is an exception, my most machines are domain-members. ... > Best regards, ... >> In your original post you said none of the machines are domain members, ... (microsoft.public.win32.programmer.wmi)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Firewall-Wizards  > 2007-03