[Firehol-support] FireQOS: Match to IP range

Tsaousis, Costa costa at tsaousis.gr
Thu Aug 27 20:54:10 BST 2015 

iprange can do a lot more than this.

Check this: https://github.com/ktsaou/firehol/wiki/iprange:-optimizing-ipsets-for-iptables

Costa


On Thu, Aug 27, 2015 at 3:42 PM, Brian Lusk <brianjlusk at yahoo.com> wrote:
> Oooo, I didn't even consider bash scripting it.  However, your iprange
> utility looks like it'll do the job.  Thank you!
>
> Brian
>
>
>
> On Thursday, August 27, 2015 4:25 AM, "Tsaousis, Costa" <costa at tsaousis.gr>
> wrote:
>
>
> Hi Brian,
>
> You are right. I have done nothing for IP ranges.
>
> However, since the config is a BASH script, you have many alternatives:
>
> 1) use a loop:
>
> for x in {50..60}
> do
>   match src 10.10.10.$x
> done
>
> The above is not optimal though. If you give it 200 IPs, it will
> produce 200 matches.
>
> 2) use iprange - the optimal way
>
> If you have the latest version of firehol, there is a tool called
> iprange in the contrib directory. Install it (cd contrib; make
> install).
>
> then you can do this:
>
> match4 src "$(echo "10.10.10.50 - 10.10.10.60" | iprange)"
>
> This will produce only 4 matches for:
>
> 10.10.10.50/31
> 10.10.10.52/30
> 10.10.10.56/30
> 10.10.10.60
>
> Costa
>
>
> On Thu, Aug 27, 2015 at 8:03 AM, Brian Lusk <brianjlusk at yahoo.com> wrote:
>> I've been working with FireQOS for about 2 weeks now, and while I've
>> figured out most of the basics, one thing I haven't figured out yet... how
>> to match for a range of IP addresses.  Not a subnet, mind, a range of IP's,
>> say from 10.10.10.50 - 10.10.10.60.  While I could match on each IP address
>> in the range with the following:
>> match4 src 10.10.10.50match4 src 10.10.10.51....match4 src 10.10.10.60
>> I'd much rather have an elegant way to do it, like "match4 src
>> 10.10.10.50-10.10.10.60".  I haven't figured out a way to do it yet.  Is
>> there an easy method to match in the QoS rules on a range of IPs that aren't
>> necessarily a subnet?
>> Thanks!Brian
>
>> _______________________________________________
>> Firehol-support mailing list
>> Firehol-support at lists.firehol.org
>> http://lists.firehol.org/mailman/listinfo/firehol-support
>

More information about the Firehol-support mailing list