Re: [exim] does "net-lsearch" support mask-ed IP ranges, or …

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Fred Viles
Date:  
À: exim-users
Sujet: Re: [exim] does "net-lsearch" support mask-ed IP ranges, or just indiv IPs?
On 17 Sep 2005 at 13:44, OpenMacNews wrote about
    "[exim] does "net-lsearch" support m":


| hi all,
| 
| i've
| 
|     ...
|     acl_smtp_connect         = acl_check_connect
|     acl_check_connect:
|     drop     hosts           = net-lsearch;/path/to/ipnets.blacklist
| 
|     accept
|     ...
| 
| 
| % cat /path/to/ipnets.blacklist
|     A.B.C.D/17        # TESTING ONLY

|...
| iiuc, per the spec & google, net-lsearch is the right choice for IP lookups.


Plain IP lookups, but not masked.

| is there an additional syntax requirement for IP masks?


Yes, look a bit further down in section 10.12. net17-lsearch would
have matched, in your example above. But keep reading...

| also, can my
| 'ipnets.blacklist' have a MIX of masked ranges and single IPs?


Not with netNN-lsearch. All the entries must have the same mask
(/NN).

What you are really wanting is the iplsearch lookup type:

  drop     hosts           = net-iplsearch;/path/to/ipnets.blacklist


- Fred