CIDR notation for RPZ rpz-ip ?

J Doe general at nativemethods.com
Sun May 26 23:13:02 UTC 2024


On 2024-05-17 19:37, Nick Tait via bind-users wrote:

> On 18/05/2024 09:11, J Doe wrote:
>> Hello,
>>
>> When using RPZ with BIND 9.18.27 and rpz-ip, can any CIDR prefix be used
>> or must they be either: /8, /16, /24, /32 for IPv4 ?
>>
>> For example, if I want to block records with an A address of
>> 192.168.10.1, I know I can write:
>>
>>     32.1.10.168.192.rpz-ip        IN    CNAME .
>>
>> ... and records like A, MX, etc. that have an A value of: 192.168.10.1
>> will receive a NXDOMAIN response.
>>
>> But am I able to block any CIDR ?  For instance, if I wanted to block
>> records like A, MX, etc. that have A values in: 192.168.10.1/22 can I
>> use the following:
>>
>>     22.1.10.168.192.rpz-ip        IN    CNAME .
>>
>>
>> Thanks,
>>
>> - J
>
> Hi J.
>
> Yes you can specify a CIDR network length that isn't on an 8-bit boundary.
>
> In your example the /22 network address for 192.168.10.1 is actually
> 192.168.8.0, so you'd specify:
>
> 22.0.8.168.192.rpz-ip IN CNAME .
>
> Nick.

Hi Nick,

Thanks for your reply and thanks for catching my network error!

- J
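Added example (not part of the thread, and not BIND's own code): a small Python helper that builds the rpz-ip owner name for an IPv4 CIDR by masking off host bits first, as Nick's correction does by hand, and that audits an existing owner name for the same mistake. The function names `rpz_ip_owner` and `audit_owner` are hypothetical; only relative IPv4 owner names of the form shown in the thread are handled.

```python
import ipaddress


def rpz_ip_owner(cidr: str) -> str:
    """Return the rpz-ip owner name for an IPv4 CIDR.

    strict=False lets the caller pass any address inside the block
    (e.g. 192.168.10.1/22); the host bits are masked to get the
    network address before the octets are reversed.
    """
    net = ipaddress.IPv4Network(cidr, strict=False)
    reversed_octets = ".".join(reversed(str(net.network_address).split(".")))
    return f"{net.prefixlen}.{reversed_octets}.rpz-ip"


def audit_owner(owner: str) -> tuple:
    """Check an existing owner name such as '22.1.10.168.192.rpz-ip'.

    Returns (is_aligned, corrected_owner). is_aligned is False when the
    address part has host bits set for the given prefix length.
    """
    labels = owner.rstrip(".").split(".")
    if len(labels) < 6 or labels[5] != "rpz-ip":
        raise ValueError(f"not an IPv4 rpz-ip owner name: {owner!r}")
    prefix, octets = labels[0], labels[1:5]
    corrected = rpz_ip_owner(".".join(reversed(octets)) + "/" + prefix)
    return ".".join(labels[:6]) == corrected, corrected


if __name__ == "__main__":
    # The two CIDRs from the thread.
    for cidr in ("192.168.10.1/32", "192.168.10.1/22"):
        print(f"{rpz_ip_owner(cidr):<28} IN    CNAME .")

    # The owner name from the original question, audited.
    aligned, fixed = audit_owner("22.1.10.168.192.rpz-ip")
    print("aligned:", aligned, "-> use:", fixed)
```
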


