On 17 Sep 2005 at 15:18, OpenMacNews wrote about
"Re: [exim] does "net-lsearch" suppo":
| hi fred,
|
| thx 4 the reply =)
No problem, though I did miss the obvious...
| >| % cat /path/to/ipnets.blacklist
| >| A.B.C.D/17 # TESTING ONLY
| >| ...
| >| iiuc, per the spec & google, net-lsearch is the right choice for IP lookups.
| >
| > Plain IP lookups, but not masked.
| >
| >| is there an additional syntax requirement for IP masks?
| >
| > Yes, look a bit further down in section 10.12. net17-lsearch would
| > have matched, in your example above. But keep reading...
|
| re-rtfm-ing ...
|
| aha. i think.
|
| changing:
|
| --- drop hosts = net-lsearch;/path/to/ipnets.blacklist
| +++ drop hosts = /path/to/ipnets.blacklist
Well, yes. In your case, there was no need to do an explicit lookup
at all. I was focusing on how the lookups work, and forgot to think
about how host lists work in the first place. Good job.
| cool. assuming this *is* what you *intended* me to find by 'reading futher',
| thx!
Wish I could take credit, but no. I was just pointing you at the
answer to your specific question (netNN-).
|...
| > What you are really wanting is the iplsearch lookup type:
| >
| > drop hosts = net-iplsearch;/path/to/ipnets.blacklist
|...
| ok, now, so ...
|
| drop hosts = /path/to/ipnets.blacklist
|
| works as expected/hoped for a mixed list of masked (*.*.*.*/NN) and single
| (*.*.*.*) ips. and, so does
|
| drop hosts = net-iplsearch;/path/to/ipnets.blacklist
|
| so what is, if any, the advantage of using "net-iplsearch;/blah" in this action?
Good question. It is restricted to IP addresses and nets, so it may
be a little quicker since it doesn't have to consider hostname and
wildcard syntax. But I doubt that's very significant. I imagine
[net-]iplsearch is mainly intended to be used in contexts other than
a hostlist option.
- Fred
