Re: [exim] does "net-lsearch" support mask-ed IP ranges, or …

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Fred Viles
Datum:  
To: exim-users
Betreff: Re: [exim] does "net-lsearch" support mask-ed IP ranges, or just indiv IPs?
On 17 Sep 2005 at 15:18, OpenMacNews wrote about
    "Re: [exim] does "net-lsearch" suppo":


| hi fred,
|
| thx 4 the reply =)


No problem, though I did miss the obvious...

| >| % cat /path/to/ipnets.blacklist
| >|     A.B.C.D/17        # TESTING ONLY
| >| ...
| >| iiuc, per the spec & google, net-lsearch is the right choice for IP lookups.
| >
| > Plain IP lookups, but not masked.
| >
| >| is there an additional syntax requirement for IP masks?
| >
| > Yes, look a bit further down in section 10.12.  net17-lsearch would
| > have matched, in your example above.  But keep reading...
| 
| re-rtfm-ing ...
| 
| aha. i think.
| 
| changing:
| 
|     ---    drop     hosts           = net-lsearch;/path/to/ipnets.blacklist
|     +++    drop     hosts           = /path/to/ipnets.blacklist


Well, yes. In your case, there was no need to do an explicit lookup
at all. I was focusing on how the lookups work, and forgot to think
about how host lists work in the first place. Good job.

| cool. assuming this *is* what you *intended* me to find by 'reading futher',
| thx!


Wish I could take credit, but no. I was just pointing you at the
answer to your specific question (netNN-).

|...
| > What you are really wanting is the iplsearch lookup type:
| >
| >   drop     hosts           = net-iplsearch;/path/to/ipnets.blacklist

|...
| ok, now, so ...
| 
|     drop     hosts           = /path/to/ipnets.blacklist
| 
| works as expected/hoped for a mixed list of masked (*.*.*.*/NN) and single 
| (*.*.*.*) ips. and, so does
| 
|     drop     hosts           = net-iplsearch;/path/to/ipnets.blacklist
| 
| so what is, if any, the advantage of using "net-iplsearch;/blah" in this action?


Good question. It is restricted to IP addresses and nets, so it may
be a little quicker since it doesn't have to consider hostname and
wildcard syntax. But I doubt that's very significant. I imagine
[net-]iplsearch is mainly intended to be used in contexts other than
a hostlist option.

- Fred