On Mon, 19 Apr 2004, Philip Hazel wrote:
> I suppose what is needed is something like "wildlsearch", which I
> eventually implemented (after resisting it for some time, because it is
> not the same as the other single-key lookups). The new thing would do
> exactly what you want. Better not call it "netlsearch" because that
> would confuse; perhaps cidrlsearch?
For what it's worth: as a current workaround we have .db rejection for
the "class"-shaped subnets, and a plain file (cidr_reject) for any
remaining ranges to be blocked.
(The hostip_accept.db contains only individual addresses, evidently).
deny hosts = ! net-dbm;CONFIG_DIR/hostip_accept.db: \
             net8-dbm;CONFIG_DIR/class_A_reject.db: \
             net16-dbm;CONFIG_DIR/class_B_reject.db: \
             net24-dbm;CONFIG_DIR/class_C_reject.db: \
             CONFIG_DIR/cidr_reject : \
             [... and some other stuff ...]
When blocking e.g. a /23 group, one has the choice of adding a /23
entry to the cidr file, or two /24 ranges to the class_C .db.
And so on.
Of course, if a particular size of subnet seemed to be getting
prevalent in the cidr file, one could create an additional .db for it.
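The layered deny list above, modelled in Python as an added example (not Exim code and not the poster's own): the .db files and the cidr_reject file are stood in for by constructed in-memory sets, and the netN-dbm key format is assumed to be Exim's masked-address/masklength form (e.g. 192.0.2.0/24).

```python
import ipaddress

# Constructed stand-ins for the lookup files named in the ACL above.
HOSTIP_ACCEPT = {"192.0.2.25"}                          # net-dbm: exact addresses only
CLASS_A_REJECT = {"10.0.0.0/8"}                         # net8-dbm keys (assumed format)
CLASS_B_REJECT = {"172.16.0.0/16"}                      # net16-dbm keys
CLASS_C_REJECT = {"192.0.2.0/24", "198.51.100.0/24"}    # net24-dbm keys
CIDR_REJECT = ["203.0.112.0/23", "198.51.101.128/25"]   # plain cidr_reject file

def masked_key(ip, bits):
    """Key a netN-dbm lookup would form: masked address plus /N (assumed)."""
    net = ipaddress.ip_interface(f"{ip}/{bits}").network
    return f"{net.network_address}/{bits}"

def deny_hosts_matches(host):
    """Evaluate the 'deny hosts = ...' list: True means the host is denied."""
    ip = ipaddress.ip_address(host)
    # '! net-dbm;hostip_accept.db': a negated item that matches ends the
    # whole list with a non-match, so accepted hosts never reach the rejects.
    if str(ip) in HOSTIP_ACCEPT:
        return False
    # net8/net16/net24-dbm: one masked-key lookup per class-shaped table.
    for bits, table in ((8, CLASS_A_REJECT), (16, CLASS_B_REJECT), (24, CLASS_C_REJECT)):
        if masked_key(ip, bits) in table:
            return True
    # cidr_reject: a plain file of ranges, scanned linearly.
    return any(ip in ipaddress.ip_network(cidr) for cidr in CIDR_REJECT)

def as_class_c_keys(cidr):
    """The other option for a block no narrower than /24, e.g. a /23: split it
    into the /24 keys that would go into class_C_reject.db instead of cidr_reject."""
    net = ipaddress.ip_network(cidr)
    if net.prefixlen > 24:
        raise ValueError("narrower than /24: belongs in cidr_reject")
    return [str(sub) for sub in net.subnets(new_prefix=24)]

if __name__ == "__main__":
    for h in ("192.0.2.25", "192.0.2.26", "10.5.5.5", "203.0.113.200", "203.0.114.1"):
        print(h, "deny" if deny_hosts_matches(h) else "pass")
    print(as_class_c_keys("203.0.112.0/23"))
```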