CIDR notation for RPZ rpz-ip ?
Nick Tait
nick at tait.net.nz
Fri May 17 23:37:50 UTC 2024
On 18/05/2024 09:11, J Doe wrote:
> Hello,
>
> When using RPZ with BIND 9.18.27 and rpz-ip, can any CIDR prefix be used
> or must they be either: /8, /16, /24, /32 for IPv4 ?
>
> For example, if I want to block records with an A address of
> 192.168.10.1, I know I can write:
>
> 32.1.10.168.192.rpz-ip IN CNAME .
>
> ... and records like A, MX, etc. that have an A value of: 192.168.10.1
> will receive a NXDOMAIN response.
>
> But am I able to block any CIDR ? For instance, if I wanted to block
> records like A, MX, etc. that have A values in: 192.168.10.1/22 can I
> use the following:
>
> 22.1.10.168.192.rpz-ip IN CNAME .
>
>
> Thanks,
>
> - J
Hi J.

Yes you can specify a CIDR network length that isn't on an 8-bit boundary.

In your example the /22 network address for 192.168.10.1 is actually
192.168.8.0, so you'd specify:

22.0.8.168.192.rpz-ip IN CNAME .

Nick.
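
The host-bit masking described in the reply above, as an added example that is not part of the original thread: a Python sketch that builds the IPv4 rpz-ip owner name for any prefix length and checks an existing owner name against the network address for its prefix. The function names `rpz_ip_owner` and `check_owner` are hypothetical, and IPv6 triggers are not handled.

```python
import ipaddress


def rpz_ip_owner(cidr: str) -> str:
    """Build the relative rpz-ip owner name for an IPv4 CIDR.

    strict=False lets the caller pass any address inside the block;
    the host bits are masked off so the name carries the network address.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("this sketch only handles IPv4 triggers")
    octets = str(net.network_address).split(".")
    # Layout: <prefixlen>.<octets in reverse order>.rpz-ip
    return ".".join([str(net.prefixlen)] + octets[::-1]) + ".rpz-ip"


def check_owner(owner: str) -> tuple[bool, str]:
    """Check an existing IPv4 rpz-ip owner name.

    Returns (is_network_address, normalised_owner). A False result means
    the address in the name has host bits set for the given prefix length.
    """
    labels = owner.rstrip(".").split(".")
    if len(labels) != 6 or labels[-1] != "rpz-ip":
        raise ValueError(f"not an IPv4 rpz-ip owner name: {owner!r}")
    prefix = int(labels[0])
    address = ".".join(reversed(labels[1:5]))
    normalised = rpz_ip_owner(f"{address}/{prefix}")
    return normalised == ".".join(labels), normalised


if __name__ == "__main__":
    # Constructed sample input: the two owner names from the thread,
    # plus the normalised /22 form.
    for name in ("32.1.10.168.192.rpz-ip",
                 "22.1.10.168.192.rpz-ip",
                 "22.0.8.168.192.rpz-ip"):
        ok, fixed = check_owner(name)
        status = "ok" if ok else f"host bits set, use {fixed}"
        print(f"{name}: {status}")
```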