[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Naming (ip)pools
From:       "Michael T. Davis" <DAVISM () ecr6 ! ohio-state ! edu>
Date:       2010-07-18 20:19:11
Message-ID: 29450_1279485326_4C43658E_29450_9_1_01NPMTM3D86Q96E62Z () ecr6 ! ohio-state ! edu
[Download RAW message or body]

	I see from...

               http://blogs.sun.com/avalon/entry/ipfilter_4_1_14

...that with IPFilter v4.1.14 (and, presumably, newer), we get to use "short
pool names."   Per the cited example:

  ippool.conf: 
    table role = ipf type = tree name = letters
     { 1.1.1.1/32; !2.2.0.0/16; 2.2.2.0/24; };

  ipf.conf: 
    pass in from pool/letters to any

The ippool-related man pages in NetBSD 5.0.2, which includes IPFilter v4.1.29,
seem to lean toward only supporting the "number = <digit[s]>" form for
declaring a pool.  Is it just that the man pages haven't been updated, and
that the "name = <alpha>" format is, in fact, supported?  If so, are we
limited to only alphabetic characters, or is there a wider scope on the types
of characters allowed?  Is a pool name case-sensitive?  In general, is there
a "character class" (or multiple classes) that can be cited to cover the
allowed characters?  What about name lengths?  ("short" seems just a bit
vague. ;-)

	This feature looks quite promising.  For example, we have a number of
systems to which we need to support FTP access sparsely located in our address
space.  Am I correct that we could define a pool of these addresses and use
only a single rule to pass FTP to them?

	BTW, I don't see any "rc glue" (an ippool file in /etc/rc.d, for
example) in NetBSD 5.0.2.  What's the best mechanism to get an ippool
configuration file loaded at startup?  Or is IPF hardcoded to detect the
presence of /etc/ippool.conf and "do the right thing" all on its own?

Thanks,
Mike
-- 
         Michael T. Davis  (Mike)        | Manager for Networking, Admin.
    E-mail: davism@ecr6.ohio-state.edu   | & Research Computing: CBE/MSE
 -or- davism+@osu.edu, davis.157@osu.edu |   The Ohio State University
 http://www.ecr6.ohio-state.edu/~davism/ |   197 Watts, (614) 292-6928
              ** E-mail is the best way to contact me **
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic