Re: [exim] does "net-lsearch" support mask-ed IP ranges, or …

トップ ページ
このメッセージを削除
このメッセージに返信
著者: John W. Baxter
日付:  
To: exim-users
題目: Re: [exim] does "net-lsearch" support mask-ed IP ranges, or just indiv IPs?
On 9/17/05 3:44 PM, "Fred Viles" <fv+exim@???> wrote:

> On 17 Sep 2005 at 15:18, OpenMacNews wrote about
>     "Re: [exim] does "net-lsearch" suppo":

>
> | hi fred,
> |
> | thx 4 the reply =)
>
> No problem, though I did miss the obvious...
>
> | >| % cat /path/to/ipnets.blacklist
> | >|  A.B.C.D/17        # TESTING ONLY
> | >| ...
> | >| iiuc, per the spec & google, net-lsearch is the right choice for IP
> lookups.
> | >
> | > Plain IP lookups, but not masked.
> | >
> | >| is there an additional syntax requirement for IP masks?
> | >
> | > Yes, look a bit further down in section 10.12.  net17-lsearch would
> | > have matched, in your example above.  But keep reading...
> | 
> | re-rtfm-ing ...
> | 
> | aha. i think.
> | 
> | changing:
> | 
> |     ---    drop     hosts           = net-lsearch;/path/to/ipnets.blacklist
> |     +++    drop     hosts           = /path/to/ipnets.blacklist

>
> Well, yes. In your case, there was no need to do an explicit lookup
> at all. I was focusing on how the lookups work, and forgot to think
> about how host lists work in the first place. Good job.
>
> | cool. assuming this *is* what you *intended* me to find by 'reading futher',
> | thx!
>
> Wish I could take credit, but no. I was just pointing you at the
> answer to your specific question (netNN-).
>
> |...
> | > What you are really wanting is the iplsearch lookup type:
> | >
> | >   drop     hosts           = net-iplsearch;/path/to/ipnets.blacklist
> |...
> | ok, now, so ...
> | 
> |     drop     hosts           = /path/to/ipnets.blacklist
> | 
> | works as expected/hoped for a mixed list of masked (*.*.*.*/NN) and single
> | (*.*.*.*) ips. and, so does
> | 
> |     drop     hosts           = net-iplsearch;/path/to/ipnets.blacklist
> | 
> | so what is, if any, the advantage of using "net-iplsearch;/blah" in this
> action?

>
> Good question. It is restricted to IP addresses and nets, so it may
> be a little quicker since it doesn't have to consider hostname and
> wildcard syntax. But I doubt that's very significant. I imagine
> [net-]iplsearch is mainly intended to be used in contexts other than
> a hostlist option.


I think I remember that "it just grew." First netlsearch, then the NN
version, then the variable mask version, as people wished for more. And the
earlier ones can't be removed (cf my other message, about breakage).

--John