[ previous ] [ next ] [ threads ]
 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  <m0n0wall at lists dot m0n0 dot ch>, "Max Khitrov" <mkhitrov at umd dot edu>
 Subject:  AW: [m0n0wall] Beta 1.2b3
 Date:  Mon, 6 Dec 2004 09:26:49 +0100
How about builduing groups, just for the case that th IPs that should be filtered are not one after
another? For example:
Group Mailservers: IP,, and using the Groups as Aliases?
Maybe this could also be combined with the range feature if possible.

Holger Bauer

-----Ursprüngliche Nachricht-----
Von: Max Khitrov [mailto:mkhitrov at umd dot edu]
Gesendet: Sonntag, 5. Dezember 2004 20:23
An: m0n0wall at lists dot m0n0 dot ch
Betreff: Re: [m0n0wall] Beta 1.2b3

Jürgen Möllenhoff wrote:

> I have a feature request for the rules :), it would be nice if I could 
> use IP-Ranges e.g. (would apply to 3 IPs) or 
> something like,, (would apply for 
> the 3 IPs .4,.8,.12). In the moment I can only add a single IP or a 
> whole network (segment) but for a small network with not so many 
> (public) IPs the network segments waste a lot of IPs, of course if I 
> use a private network I can waste IPs as much as I like :) but I don't 
> have this advantage with public IPs and one of the major advantages 
> (for me) of m0n0wall is that I can use public IPs and that I'm not 
> limited to private IPs.

Well it looks like I'm not alone :) This was requested a while back, and 
unfortunately it turned out that because the software that was used for 
these rules doesn't support ranges, neither does the m0n0wall. I made a 
suggestion on how to overcome this, but it was more of a hack then a 
good solution. For me, I was trying to block some IPs from using the 
m0n0wall as their gateway, but instead what I ended up doing is setting 
up a base rule that any IP is blocked by default and then set up 
individual rules above it for any computer that should be allowed to go 
through. It works, but I agree that IP range feature is something that 
could be very useful in other situations. Would it be possible to modify 
the code of the software that handles this task and put in our own 
support for ip ranges? Iím not familiar with it, so canít say.

To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

Virus checked by G DATA AntiVirusKit
Version: AVK 15.0.1379 from 06.12.2004
Virus news: www.antiviruslab.com

Virus checked by G DATA AntiVirusKit