acl (access-lists)

Kevin Darcy kcd at daimlerchrysler.com
Thu Jul 20 21:11:29 UTC 2000


Kelly Scroggins wrote:

> I'm wondering if I can define an access-list that
> will restrict a range of addresses within a
> subnet.  As opposed to the entire subnet.
>
> I want to restrict some address from making
> queries to a specific zone.  Or restrict them TO
> a zone.
>
> Is this possible?

It's all possible, it's just a matter of how ugly you want to get. BIND
8's address match list syntax doesn't support arbitrary ranges of
addresses, but if the range happens to be on a bit boundary, you can use
prefix notation. And, of course, there's always individual enumeration
of addresses and/or negation operators. To make things at least a
*little* maintainable, you may wish to give discrete ranges their own
ACL names, and then nest those ACL's into larger ACL's where necessary.


- Kevin
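As an added example that is not part of the original post: a range that does not sit on a bit boundary can still be written as a short list of prefixes, each range given its own ACL name and then nested into a larger ACL, as the reply suggests. The ACL names and the 192.0.2.0/24 documentation addresses below are constructed for illustration, and the script uses Python's standard `ipaddress` module rather than anything shipped with BIND.

```python
import ipaddress

def range_to_prefixes(first, last):
    """Smallest list of CIDR prefixes covering first..last inclusive."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range start {lo} is above range end {hi}")
    return list(ipaddress.summarize_address_range(lo, hi))

def covers_exactly(first, last, prefixes):
    """Check that the prefixes match the range with nothing extra or missing."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    total = sum(p.num_addresses for p in prefixes)
    inside = all(lo <= p.network_address and p.broadcast_address <= hi
                 for p in prefixes)
    return inside and total == int(hi) - int(lo) + 1

def render_acl(name, elements):
    """Render one named acl statement; elements are prefixes or ACL names."""
    lines = "".join(f"    {e};\n" for e in elements)
    return f"acl {name} {{\n{lines}}};\n"

def build_acls(ranges, combined_name):
    """One ACL per discrete range, plus a larger ACL that nests them by name."""
    blocks = []
    for name, (first, last) in ranges.items():
        prefixes = range_to_prefixes(first, last)
        if not covers_exactly(first, last, prefixes):
            raise RuntimeError(f"prefix list for {name} does not match its range")
        blocks.append(render_acl(name, prefixes))
    blocks.append(render_acl(combined_name, list(ranges)))
    return "\n".join(blocks)

# Constructed sample ranges inside one /24 (hypothetical names).
SAMPLE_RANGES = {
    "lab_range": ("192.0.2.64", "192.0.2.127"),   # on a bit boundary: one /26
    "kiosk_range": ("192.0.2.10", "192.0.2.50"),  # arbitrary: six prefixes
}

if __name__ == "__main__":
    print(build_acls(SAMPLE_RANGES, "restricted_hosts"))
    # The combined name can then appear in a zone's allow-query list,
    # negated with "!" to refuse these hosts or listed alone to admit only them.
```

Because address match lists are evaluated in order, a negated ACL name has to come before any broader entry, such as the enclosing subnet, that would otherwise match first.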




