[Firehol-support] FireQOS: Match to IP range

Brian Lusk brianjlusk at yahoo.com
Thu Aug 27 14:42:13 CEST 2015


Oooo, I didn't even consider bash scripting it.  However, your iprange utility looks like it'll do the job.  Thank you!
Brian 


On Thursday, August 27, 2015 4:25 AM, "Tsaousis, Costa" <costa at tsaousis.gr> wrote:

Hi Brian,

You are right. I have done nothing for IP ranges.

However, since the config is a BASH script, you have many alternatives:

1) use a loop:

for x in {50..60}
do
  match src 10.10.10.$x
done

The above is not optimal though. If you give it 200 IPs, it will
produce 200 matches.

2) use iprange - the optimal way

If you have the latest version of firehol, there is a tool called
iprange in the contrib directory. Install it (cd contrib; make
install).

then you can do this:

match4 src "$(echo "10.10.10.50 - 10.10.10.60" | iprange)"

This will produce only 4 matches for:

10.10.10.50/31
10.10.10.52/30
10.10.10.56/30
10.10.10.60

Costa


On Thu, Aug 27, 2015 at 8:03 AM, Brian Lusk <brianjlusk at yahoo.com> wrote:
> I've been working with FireQOS for about 2 weeks now, and while I've figured out most of the basics, one thing I haven't figured out yet... how to match for a range of IP addresses.  Not a subnet, mind, a range of IP's, say from 10.10.10.50 - 10.10.10.60.  While I could match on each IP address in the range with the following:
> match4 src 10.10.10.50
> match4 src 10.10.10.51
> ....
> match4 src 10.10.10.60
> I'd much rather have an elegant way to do it, like "match4 src 10.10.10.50-10.10.10.60".  I haven't figured out a way to do it yet.  Is there an easy method to match in the QoS rules on a range of IPs that aren't necessarily a subnet?
> Thanks!
> Brian
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support
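
Added example (not part of the original thread, and not iprange's own code): a plain-shell version of the range-to-CIDR aggregation that iprange is used for above, showing why 10.10.10.50 - 10.10.10.60 collapses to 4 matches instead of 11. The function names ip_to_int, int_to_ip and range_to_cidrs are hypothetical, and 64-bit shell arithmetic is assumed.

```shell
#!/bin/sh
# Hypothetical helpers (not from FireHOL/iprange): split an inclusive IPv4
# range into the smallest set of aligned CIDR blocks.

# ip_to_int A.B.C.D -> prints the address as an integer
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad on "."
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> prints N as a dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidrs FIRST LAST -> one CIDR per line; a single host has no /32
range_to_cidrs() {
    cur=$(ip_to_int "$1")
    end=$(ip_to_int "$2")
    while [ "$cur" -le "$end" ]; do
        size=1; bits=32
        # Double the block while it stays aligned on cur and inside the range.
        while [ "$bits" -gt 0 ] \
              && [ $(( cur & ((size << 1) - 1) )) -eq 0 ] \
              && [ $(( cur + (size << 1) - 1 )) -le "$end" ]; do
            size=$(( size << 1 )); bits=$(( bits - 1 ))
        done
        if [ "$bits" -eq 32 ]; then
            int_to_ip "$cur"
        else
            echo "$(int_to_ip "$cur")/$bits"
        fi
        cur=$(( cur + size ))
    done
}

# The range from the thread; in a FireQOS config the output would be used
# the same way as iprange's:  match4 src "$(range_to_cidrs A B)"
range_to_cidrs 10.10.10.50 10.10.10.60
```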

  

