Re: [fw-wiz] IP Ranges
- From: Sergio Pozo Hidalgo <sergio@xxxxxxxxx>
- Date: Fri, 30 Mar 2007 16:51:36 +0200
Security Guy wrote:
> specifically regarding PIX
> Object groups do make ACL management a whole lot easier, but you're
> still stuck specifying hosts or contiguous networks within the group,
> you can't just put in a range like 192.168.10.15-28 that doesn't
> summarize nicely.

Mmmm. I was thinking and experimenting with several subnet calculators,
and I conclude that the only ranges that can be specified are of the
kind IP/CIDR, because if you specify something like 192.168.1.20-30 it
can mean that range of ten IPs (in this case, in other cases it can be
several IPs), or it can mean:
192.168.1.20/255.255.255.252
192.168.1.24/255.255.255.252
192.168.1.28/255.255.255.254
192.168.1.30/255.255.255.255
which aren't in the same network range... In any case, you cannot
specify which of the two options you want, and IPTables documentation
doesn't say it.
I think that this is one of the reasons why the ip-range option is not a
very useful one, and is only implemented (I suppose) in IPTables 2.4 and
2.6.
-Sergio
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
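
Added example, not part of the original message: a Python sketch that splits a dashed range such as 192.168.1.20-30 into aligned CIDR blocks and renders them in the address/netmask form used in the message. The function names and the handling of the short `a.b.c.X-Y` syntax are assumptions made for this illustration.

```python
import ipaddress

def parse_range(spec):
    """Parse 'a.b.c.X-Y' or 'a.b.c.d-e.f.g.h' into (first, last) addresses."""
    left, sep, right = (p.strip() for p in spec.partition("-"))
    if not sep:
        raise ValueError("not a range: %r" % spec)
    if "." not in right:
        # Short form (assumed syntax): only the last octet is given.
        right = left.rsplit(".", 1)[0] + "." + right
    first, last = ipaddress.IPv4Address(left), ipaddress.IPv4Address(right)
    if last < first:
        raise ValueError("range end precedes start: %r" % spec)
    return first, last

def range_to_cidrs(first, last):
    """Greedy split: at each step take the largest block that is aligned
    on the current address and does not run past the end of the range."""
    lo, hi = int(first), int(last)
    blocks = []
    while lo <= hi:
        # Largest alignment of lo is its lowest set bit (0 aligns to 2**32).
        size = (lo & -lo) if lo else 1 << 32
        while size > hi - lo + 1:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((lo, prefix)))
        lo += size
    return blocks

def as_netmask_lines(spec):
    """Render the blocks as address/netmask strings."""
    first, last = parse_range(spec)
    return ["%s/%s" % (n.network_address, n.netmask)
            for n in range_to_cidrs(first, last)]

def covers_exactly(spec):
    """True if the blocks contain every address in the range and no others."""
    first, last = parse_range(spec)
    covered = sorted(int(a) for n in range_to_cidrs(first, last) for a in n)
    return covered == list(range(int(first), int(last) + 1))

if __name__ == "__main__":
    for spec in ("192.168.1.20-30", "192.168.10.15-28"):
        print(spec, "covers exactly:", covers_exactly(spec))
        for line in as_netmask_lines(spec):
            print("   ", line)
```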