Coax wrote:
ySQL acl that does the following on connect:
>
> deny message = $sender_host_address found in local blacklist..
> hosts = mysql;select address from global_blacklist where \
> address = '$sender_host_address'
>
>
>
> Problem is, I have to blacklist each individual IP address i'd like
> blacklisted - in order for this to work.
>
> I'd like to store '127.0.0' in the database, and have the acl strip the
> trailing '.' and following numbers located in $sender_host_address - and
> query the database for THAT. (i.e. i'd like to blacklist a whole subnet!)
If you can save whole subnets with masks like 127.0.0.0/24 instead of
127.0.0 you could use the ${mask operator, like this:
mysql;select 1 from global_blacklist where \
address = '$sender_host_address' or \
address = '${mask:$sender_host_address/24}' or \
address = '${mask:$sender_host_address/16}' or \
address = '${mask:$sender_host_address/8}'
If you want to use the "127.0.0" syntax, you could try:
mysql;select 1 from global_blacklist where \
address = '$sender_host_address' or \
address = '${sg{$sender_host_address}{\N\.\d+$\N}{}}' or \
address = '${sg{$sender_host_address}{\N\(?:.\d+){2}$\N}{}}' or \
address = '${sg{$sender_host_address}{\N\(?:.\d+){3}$\N}{}}'
Or some similar expansion-magic (${extract for example).
Nico
