Security Guy wrote:
specifically regarding PIX

Object groups do make ACL management a whole lot easier, but you're
still stuck specifying hosts or contiguous networks within the group,
you can't just put in a range like that doesn't
summarize nicely.

Mmmm. I was thinking and experimenting with several subnet calculators,
and I conclude that the only ranges that can be specified are of the
kind IP/CIDR, because if you specify something like it
can mean that range of ten IPs (in this case; in other cases it can be
several IPs), or it can mean:

which aren't in the same network range... In any case, you cannot
specify which of the two options you want, and the IPTables documentation
doesn't say.
I think that this is one of the reasons why the ip-range option is not a
very useful one, and is only implemented (I suppose) in IPTables 2.4 and
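The point of the thread, that an arbitrary first-last range generally does not collapse into one IP/CIDR prefix, is easy to make concrete. The following is an added example, not code from the original post or from the iptables or PIX projects: it uses Python's standard `ipaddress` module to split a range into the minimal set of CIDR prefixes that covers it exactly, checks that the split neither misses an address in the range nor matches one just outside it, and prints the equivalent rules two ways, as a single `-m iprange --src-range` rule and as one `-s` rule per prefix. The chain name `INPUT`, the target `DROP` and the sample ranges are assumptions chosen for the demonstration.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Minimal list of CIDR prefixes that covers exactly the addresses first..last.

    ipaddress.summarize_address_range does the alignment arithmetic: at each
    step it emits the largest aligned block that starts at the current address
    and does not run past `last`, which is why ten consecutive hosts starting
    at an odd address need several prefixes while a full /24 needs one.
    """
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if b < a:
        raise ValueError("range end precedes range start")
    return [str(net) for net in ipaddress.summarize_address_range(a, b)]


def covers_exactly(cidrs, first, last):
    """True if the prefixes match every address in first..last and neither
    neighbour just outside the range (the usual sign of an over-wide prefix)."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    addr_type = type(a)  # keep IPv4/IPv6 consistent when rebuilding from ints
    inside = all(
        any(addr_type(int(a) + i) in n for n in nets)
        for i in range(int(b) - int(a) + 1)
    )
    outside = []
    if int(a) > 0:
        outside.append(addr_type(int(a) - 1))
    if int(b) < (1 << b.max_prefixlen) - 1:
        outside.append(addr_type(int(b) + 1))
    leaks = any(o in n for o in outside for n in nets)
    return inside and not leaks


def iptables_rules(first, last, chain="INPUT", target="DROP"):
    """Two equivalent expressions of the same range.

    The first form needs the iprange match module; the second works with
    plain -s/-d matching but costs one rule per prefix.  chain and target
    are assumed values for the example.
    """
    with_iprange = [
        f"iptables -A {chain} -m iprange --src-range {first}-{last} -j {target}"
    ]
    with_cidrs = [
        f"iptables -A {chain} -s {cidr} -j {target}"
        for cidr in range_to_cidrs(first, last)
    ]
    return with_iprange, with_cidrs


if __name__ == "__main__":
    # constructed sample ranges: one that does not summarize, one that does
    for lo, hi in [("192.168.1.1", "192.168.1.10"), ("192.168.1.0", "192.168.1.255")]:
        cidrs = range_to_cidrs(lo, hi)
        print(f"{lo}-{hi} -> {len(cidrs)} prefix(es): {' '.join(cidrs)}")
        print("  exact cover:", covers_exactly(cidrs, lo, hi))
        single, expanded = iptables_rules(lo, hi)
        for rule in single + expanded:
            print("  " + rule)
```

Running it shows the asymmetry the post describes: `192.168.1.1-192.168.1.10` needs five prefixes (`/32`, `/31`, `/30`, `/31`, `/32`), whereas `192.168.1.0-192.168.1.255` is just `192.168.1.0/24`. The `covers_exactly` check is worth keeping in any script that generates ACLs from ranges, since rounding a range up to the next power-of-two block silently admits addresses you never meant to match.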

