Re: [fw-wiz] IP Ranges



Security Guy escribió:
specifically regarding PIX

Object groups do make ACL management a whole lot easier, but you're
still stuck specifying hosts or contiguous networks within the group,
you can't just put in a range like 192.168.10.15-28 that doesn't
summarize nicely.

Mmmm. I was thinking and experimenting with several subnet calculators,
and I conclude that the only ranges that can be specifyed are of the
kind IP/CIDR, because if you specify something like 192.168.1.20-30 it
can mean that range of ten IPs (in this case, in other cases it can be
several IPs), or it can mean:
192.168.1.20/255.255.255.252
192.168.1.24/255.255.255.252
192.168.1.28/255.255.255.254
192.168.1.30/255.255.255.255

which aren't in the same network range... In any case, you cannot
specify which of the two options you want, and IPTables documentation
doesn't say it.
I think that this is one of the reasons why the ip-range option is not a
very useful one, and is only implemented (I suppose) in IPTables 2.4 and
2.6.

-Sergio
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards