[Firehol-support] FireQOS: Match to IP range
Brian Lusk
brianjlusk at yahoo.com
Thu Aug 27 13:42:13 BST 2015
Oooo, I didn't even consider bash scripting it. However, your iprange utility looks like it'll do the job. Thank you!
Brian
On Thursday, August 27, 2015 4:25 AM, "Tsaousis, Costa" <costa at tsaousis.gr> wrote:
Hi Brian,

You are right. I have done nothing for IP ranges.

However, since the config is a BASH script, you have many alternatives:

1) use a loop:

    for x in {50..60}
    do
        match src 10.10.10.$x
    done

The above is not optimal though. If you give it 200 IPs, it will
produce 200 matches.

2) use iprange - the optimal way

If you have the latest version of firehol, there is a tool called
iprange in the contrib directory. Install it (cd contrib; make
install).

then you can do this:

    match4 src "$(echo "10.10.10.50 - 10.10.10.60" | iprange)"

This will produce only 4 matches for:

    10.10.10.50/31
    10.10.10.52/30
    10.10.10.56/30
    10.10.10.60

Costa
On Thu, Aug 27, 2015 at 8:03 AM, Brian Lusk <brianjlusk at yahoo.com> wrote:
> I've been working with FireQOS for about 2 weeks now, and while I've figured out most of the basics, one thing I haven't figured out yet... how to match for a range of IP addresses. Not a subnet, mind, a range of IPs, say from 10.10.10.50 - 10.10.10.60. While I could match on each IP address in the range with the following:
> match4 src 10.10.10.50
> match4 src 10.10.10.51
> ....
> match4 src 10.10.10.60
> I'd much rather have an elegant way to do it, like "match4 src 10.10.10.50-10.10.10.60". I haven't figured out a way to do it yet. Is there an easy method to match in the QoS rules on a range of IPs that aren't necessarily a subnet?
> Thanks!
> Brian
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support
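
An added example, not part of the original thread and not iprange's own code: the reduction of an inclusive IPv4 range to the fewest CIDR prefixes, written as plain shell functions. For 10.10.10.50 - 10.10.10.60 it prints the same four prefixes listed in the reply above. The function names are hypothetical, inputs are assumed to be valid dotted-quad addresses, and using the output in match4 the way the iprange output is used above is an assumption.

```bash
# Added example: split an inclusive IPv4 range into the fewest CIDR blocks.
# Function names are hypothetical; inputs are assumed to be valid dotted quads.

# Dotted quad -> 32-bit integer. The ( ) body runs in a subshell, so the
# IFS change and the positional parameters do not leak into the caller.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidrs FIRST LAST: print one prefix per line, a /32 as a bare address.
range_to_cidrs() (
    start=$(ip_to_int "$1")
    end=$(ip_to_int "$2")
    if [ "$start" -gt "$end" ]; then
        echo "range_to_cidrs: first address is above last" >&2
        exit 1
    fi
    while [ "$start" -le "$end" ]; do
        # Largest block that can begin at $start is its lowest set bit
        # (address 0 is aligned to everything, so allow 2^32 there).
        if [ "$start" -eq 0 ]; then size=$(( 1 << 32 )); else size=$(( start & -start )); fi
        # Halve the block until it no longer runs past $end.
        while [ "$size" -gt $(( end - start + 1 )) ]; do
            size=$(( size >> 1 ))
        done
        # Prefix length is 32 - log2(size).
        bits=32; s=$size
        while [ "$s" -gt 1 ]; do s=$(( s >> 1 )); bits=$(( bits - 1 )); done
        if [ "$bits" -eq 32 ]; then
            int_to_ip "$start"
        else
            echo "$(int_to_ip "$start")/$bits"
        fi
        start=$(( start + size ))
    done
)

# Constructed sample: the range from the thread.
range_to_cidrs 10.10.10.50 10.10.10.60
```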