address match list syntaxs

Mark_Andrews at isc.org Mark_Andrews at isc.org
Mon Oct 8 00:51:41 UTC 2001


	Given most addresses are actually handed out aligned, this
	is usually not a problem.  If you really want to reduce the
	length of the acl, request a CIDR-aligned address block.
	You will have to renumber but you won't be forever having to
	add several entries when one would do if you had aligned
	address space.

	Remember A.B.C.D/E + A.B.C.D+1/E can always be reduced to
	A.B.C.D/E-1 if D is even, which makes it pretty easy to
	see where you can reduce expressions on the fly.

	Mark

> 
> Thank you for your responses - I was hoping there was a wild card type
> option, kind of like using the $GENERATE statement in the zone files. This
> is an ongoing problem here with all these subnets. Addresses are assigned in
> blocks (usually contiguous) to the various divisions. For this particular
> problem I will make use of the CIDR concept. Given my math skills, this is
> going to be challenging.
> 
> Will I be able to get the check-net program to either run on Win32 or RedHat
> 7.1?
> 
> Thank you all for your help - George
> 
> 
> > Our local subnets are a /24 sequence from 161.241.51/24 to 161.241.81/24 -
> <> > (it's a private network).
> <> >
> <> > Creating an ACL for this group makes a rather long address match list - ie:
> <> >
> <> > acl mylocalsubnets { 161.241.51/24; 161.241.52/24; 161.241.53/24;
> <> > 		161.241.54/24; .............. > 161.241.81;};
> <> >
> <> > It would be REALLY REALLY nice to be able to write it this way
> <> >
> <> > acl mylocalsubnets { 161.241.51-81/24;};
> <> >
> <> > Thanks!!
> <> > George Young
> <>
> 
> <Scratch that; 1+4+8+16+1 != 31.  Here's what I should have written:
> <
> <    161.241.51/24;
> <    161.241.52/22;    # covers 52-55 (3rd octet divisible by 4)
> <    161.241.56/21;    # covers 56-63 (3rd octet divisible by 8)
> <    161.241.64/20;    # covers 64-79 (3rd octet divisible by 16)
> <    161.241.80/23;    # covers 80-81 (3rd octet divisible by 2)
> <
> <I've written a little utility called 'check-net' which does
> <the necessary arithmetic to validate a network/CIDR and/or
> <network:subnetmask specification.  It's included in the 'h2n'
> <distribution at < ftp://ftp.hpl.hp.com/pub/h2n/h2n.tar.gz >.
> <
> <Andris Kalnozols
> <Hewlett-Packard Laboratories
> <andris at hpl.hp.com
> <
> <
> <
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
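
Added example (not part of the original thread, and not the check-net utility): a Python sketch of the reduction discussed above. It computes the smallest set of aligned CIDR blocks that covers a contiguous run of subnets without admitting any address outside it, and formats the result as a BIND acl. The function names are hypothetical, and the networks are written in full dotted form because Python's ipaddress module does not accept the 161.241.51/24 shorthand.

```python
import ipaddress

def is_aligned(cidr):
    """True if the address has no bits set below the prefix length."""
    try:
        ipaddress.IPv4Network(cidr, strict=True)
        return True
    except ValueError:
        return False

def cidr_cover(first, last):
    """Smallest list of aligned CIDR blocks covering first..last inclusive."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address is above last address")
    blocks = []
    while lo <= hi:
        # Largest block that can start at lo: the lowest set bit of lo
        # (address 0 is aligned for every block size).
        size = lo & -lo if lo else 1 << 32
        # Halve it until it no longer runs past the end of the range,
        # so the ACL never covers an address outside first..last.
        while size > hi - lo + 1:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((lo, prefix)))
        lo += size
    return blocks

def bind_acl(name, first_net, last_net):
    """Format the cover of first_net..last_net as a named.conf acl statement."""
    first = ipaddress.IPv4Network(first_net)
    last = ipaddress.IPv4Network(last_net)
    nets = cidr_cover(str(first.network_address), str(last.broadcast_address))
    body = " ".join(f"{n};" for n in nets)
    return f"acl {name} {{ {body} }};"

if __name__ == "__main__":
    # The range from the thread: 161.241.51/24 through 161.241.81/24.
    print(bind_acl("mylocalsubnets", "161.241.51.0/24", "161.241.81.0/24"))
    # A /22 must start on a third octet divisible by 4, so 51 is rejected.
    print(is_aligned("161.241.52.0/22"), is_aligned("161.241.51.0/22"))
```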

